8041 matches found
CVE-2013-5350
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...
CVE-2013-5350
OpenPNE contains a PHP Object Injection vulnerability in opSecurityUser.getRememberLoginCookie() that processes cookies with unserialize(base64_decode()) without proper input filtering. A remote unauthenticated attacker could craft a serialized object in a Cookie header to execute arbitrary PHP c...
OpenPNE vulnerable to PHP Object Injection
Overview: OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Egidio Romano of Secunia reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A remote,...
JVN#69986880: OpenPNE vulnerable to PHP Object Injection
OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Impact: A remote, unauthenticated attacker may execute arbitrary PHP code. Solution: Apply an update. Update to the latest version according to the information provided by the...
LiveZilla 5.1.2.0 PHP Object Injection
Author: Jakub Zoczek. CVE Reference: CVE-2013-7034. Product: LiveZilla. Vendor: LiveZilla GmbH (http://livezilla.net). Affected version: 5.1.2.0. Severity: Medium. CVSSv2 Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N). Status: Fixed. 0x01 Background: LiveZilla, the widely-used and trusted Live Help...
osCmax e-Commerce 2.5.3 Cross Site Scripting / Shell Upload
Exploit database separated by exploit type (local, remote, DoS, etc.). Site: 1337day.com. Support e-mail: submitat1337day.com. I'm KedAns-Dz member from Inj3ct0r Team. Title : osCmax...
osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities
osCmax e-Commerce v2.5.3 suffers from multiple vulnerabilities: a remote attacker can upload a file/shell via header attacks, execute JavaScript code, and inject a remote object. See also: CVE-2013-4144. Exploit database separated by exploit type (local, remote, DoS, etc.). Site :...
Vanilla Forums 2.0 - 2.0.18.5 PHP Object Injection Vulnerability
Exploit for php platform in category web applications. Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize them & save them if...
Vanilla Forums 2.0 2.0.18.5 - class.utilitycontroller.php PHP Object Injection
Vanilla Forums 2.0 2.0.18.5 - class.utilitycontroller.php PHP Object Injection. Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize...
Vanilla Forums 2.0 < 2.0.18.5 - 'class.utilitycontroller.php' PHP Object Injection
Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize them & save them if necessary 327. $Messages = GdnFormat::Unserialize$Messages;...
[KIS-2013-09] Vanilla Forums <= 2.0.18.5 (class.utilitycontroller.php) PHP Object Injection Vulnerability
Vanilla Forums <= 2.0.18.5 (class.utilitycontroller.php) PHP Object Injection Vulnerability - Software Link:...
Vanilla Forums 2.0.18.5 Local File Inclusion
Vanilla Forums versions 2.0.18.5 and below suffer from a PHP object injection vulnerability in class.utilitycontroller.php that in turn allows for local file inclusion. Vanilla Forums...
Vanilla Forums 2.0.18.5 Local File Inclusion
Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize them & save them if necessary 327. $Messages = GdnFormat::Unserialize$Messages;...
Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability
- Original release date: 15 September, 2013 - Discovered by: Emilio Pinna, Application Security Analyst at Abinsula - Contact: emilio pinn gmail. VULNERABILITY: Moodle CMS version 2.5.0...
Moodle CMS 2.5.0-1 Cross Site Scripting Vulnerability
Moodle CMS version 2.5.0-1 suffers from a cross site scripting vulnerability. - Original release date: 15 September, 2013 - Discovered by: Emilio Pinna, Application Security Analyst at Abinsula - Contact: emilio pinn gmail...
WordPress < 3.6.1 PHP object injection vulnerability
0x00 Background: When I read a blog post about the Joomla "PHP object injection" vulnerability, I dug deeper and found Stefan Esser's paper from the 2010 Black Hat conference: http://media.blackhat.com/bh-us- ... Exploits-slides.pdf This article mentions that in PHP unserialize...
CVE-2013-5674
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
Design/Logic Flaw
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...