Lucene search

8041 matches found

Prion
added 2014/04/21 10:55 p.m. | 14 views

Design/Logic Flaw

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...

CVSS 6.4 | AI score 7.6 | EPSS 0.02897
Exploits 3 | References 3 | Affected Software 1

Cvelist
added 2014/04/21 10:0 p.m. | 23 views

CVE-2014-2922

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...

AI score 7 | EPSS 0.02897
Exploits 3 | References 3

Cvelist
added 2014/04/21 10:0 p.m. | 30 views

CVE-2014-2921

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...

AI score 7.7 | EPSS 0.07255
Exploits 3 | References 3

CVE
added 2014/04/21 10:0 p.m. | 58 views

CVE-2014-2921

CVE-2014-2921 affects Pimcore’s Newsletter tool. The vulnerability in the getObjectByToken function (Newsletter.php) occurs in Pimcore versions 1.4.9–2.0.0 and stems from improper handling of an object obtained by unserializing Lucene search data, enabling PHP object injection and arbitrary code ...

CVSS 7.5 | AI score 8 | EPSS 0.07255
Exploits 3 | References 3 | Affected Software 1

CVE
added 2014/04/21 10:0 p.m. | 56 views

CVE-2014-2922

CVE-2014-2922 affects Pimcore CMS, specifically the Pimcore_Tool_Newsletter Newsletter.php path. The issue occurs in Pimcore 1.4.9 through 2.1.0 where getObjectByToken mishandles an object obtained by unserializing a pathname, enabling PHP object injection via a serialized payload. Reported explo...

CVSS 6.4 | AI score 7.3 | EPSS 0.02897
Exploits 3 | References 3 | Affected Software 1

OSV
added 2014/04/01 3:55 p.m. | 1 views

DEBIAN-CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

CVSS 7.5 | AI score 8.1 | EPSS 0.42895
Exploits 7 | References 1

NVD
added 2014/04/01 3:55 p.m. | 19 views

CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

CVSS 7.5 | AI score 7.4 | EPSS 0.42895
Exploits 7 | References 6

OSV
added 2014/04/01 3:55 p.m. | 6 views

CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

AI score 7.4
Exploits 0 | References 7

Prion
added 2014/04/01 3:55 p.m. | 16 views

Design/Logic Flaw

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

CVSS 7.5 | AI score 8 | EPSS 0.42895
Exploits 7 | References 6 | Affected Software 1

UbuntuCve
added 2014/04/01 3:55 p.m. | 51 views

CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

CVSS 7.5 | AI score 6.2 | EPSS 0.42895
Exploits 7 | References 3

OSV
added 2014/04/01 3:55 p.m. | 5 views

UBUNTU-CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

CVSS 7.5 | AI score 6.1 | EPSS 0.42895
Exploits 7 | References 4

Cvelist
added 2014/04/01 3:0 p.m. | 17 views

CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

AI score 7.3 | EPSS 0.42895
Exploits 7 | References 6

Debian CVE
added 2014/04/01 3:0 p.m. | 20 views

CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

CVSS 7.5 | AI score 7.4 | EPSS 0.42895
Exploits 7

CVE
added 2014/04/01 3:0 p.m. | 94 views

CVE-2014-1691

CVE-2014-1691 affects Horde (

CVSS 7.5 | AI score 7.5 | EPSS 0.42895
Exploits 7 | References 6 | Affected Software 1

Exploit DB
added 2014/03/22 12:0 a.m. | 40 views

Horde Framework - Unserialize PHP Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Horde Framework Unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Horde...

CVSS 7.5 | AI score 6.4 | EPSS 0.42895
Exploits 7

0day.today
added 2014/03/22 12:0 a.m. | 49 views

Horde Framework Unserialize PHP Code Execution

This Metasploit module exploits a php unserialize vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize exists in the 'lib/Horde/Variables.php' file. The...

CVSS 7.5 | AI score 0.7 | EPSS 0.42895
Exploits 7

Metasploit
added 2014/03/18 1:47 a.m. | 30 views

Horde Framework Unserialize PHP Code Execution

This module exploits a php unserialize vulnerability in Horde 'Horde Framework Unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Horde 'EgiX', Exploitation technique and Vulnerability discovery originally reported by the vendor 'juan...

CVSS 7.5 | AI score 0.6 | EPSS 0.42895
Exploits 7

Friends Of PHP
added 2014/02/13 11:12 a.m. | 13 views

PHP object injection vulnerability allows for arbitrary code execution

More info at https://contao.org/en/news/major-security-hole-found-in-contao.html...

AI score 7.2
Exploits 0 | Affected Software 1

0day.today
added 2014/02/05 12:0 a.m. | 86 views

Contao CMS 3.2.4 Code Execution Vulnerability

Contao CMS versions 3.2.4 and below suffer from a code execution vulnerability. Hi, I have discovered a vulnerability that might lead to code execution in Contao CMS Vulnerabilities in Contao 3.2.4 Discovered by Pedro Ribeiro of Agile Information Security...

AI score 9.5 | EPSS 0.03648
Exploits 2

Prion
added 2014/01/24 3:8 p.m. | 19 views

Security feature bypass

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...

CVSS 7.5 | AI score 8 | EPSS 0.01527
Exploits 2 | References 5 | Affected Software 1