UBUNTU-CVE-2013-5674
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
CVE-2013-5674
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
CVE-2013-5674
Moodle 2.5.x (before 2.5.2) is vulnerable in badges/external.php where unserializing a description of an external badge allows PHP object injection via unspecified vectors, demonstrated by overwriting the userid value. This can enable remote manipulation and has partial impact on confidentiality/...
Moodle CMS 2.5.0-1 Cross Site Scripting
============================================= - Original release date: 15 September, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio pinn gmail ============================================= VULNERABILITY ---------------------- Moodle CMS version 2.5.0...
WordPress 3.6 - PHP Object Injection
...
GLPI 0.83.9 Code Execution
======================================= Advisory title: unserialize vulnerability in GLPI 0.83.9 Product: GLPI 0.83.9 Discovered by: Xavier Mehrenberger Cassidian CyberSecurity Vulnerable version: 0.83.9 Tested: v0.83.9, 2013-06-21 Fixed in repository: 2013-06-23 commits 21169 to 21180 Category:...
VulnCheck KEV: CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...
Joomla! 2.5.x < 2.5.10 / 3.0.x < 3.0.4 Multiple Vulnerabilities
According to its self-identified version number, the Joomla! installation hosted on the remote web server is 2.5.x prior to 2.5.10 or 3.0.x prior to 3.0.4. It is, therefore, affected by multiple vulnerabilities: - A security bypass vulnerability exists due to a failure to properly verify...
CVE-2013-3528
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."...
Design/Logic Flaw
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."...
CVE-2013-3528
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."...
[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
------------------------------------------------------------------ Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://www.joomla.org/ - Affected Versions: Version 3.0.3 and earlier 3.0.x...
CVE-2013-3242
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
Design/Logic Flaw
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
CVE-2013-3242
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
CVE-2013-3242
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 are affected by CVE-2013-3242 due to improper handling of an object obtained from unserializing a cookie in plugins/system/remember/remember.php. An authenticated remote attacker can trigger PHP object injection and cause a denial of service via ...
Joomla! 3.0.3 PHP Object Injection Vulnerability
Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php. ------------------------------------------------------------------ Joomla! decrypt($str); 45. $cookieData = @unserialize($str); User input passed through cookies is not properly sanitized before being...
Joomla! 3.0.3 PHP Object Injection
------------------------------------------------------------------ Joomla! decrypt($str); 45. $cookieData = @unserialize($str); User input passed through cookies is not properly sanitized before being used in an unserialize call at line 45. This could be exploited to inject arbitrary PHP objects into...
Joomla! 3.0.3 - remember.php PHP Object Injection
Joomla! 3.0.3 - remember.php PHP Object Injection ------------------------------------------------------------------ Joomla! decrypt($str); 45. $cookieData = @unserialize($str); User input passed through cookies is not properly sanitized before being used in an unserialize call at line 45. This could...
Joomla! 3.0.3 - 'remember.php' PHP Object Injection
------------------------------------------------------------------ Joomla! decrypt($str); 45. $cookieData = @unserialize($str); User input passed through cookies is not properly sanitized before being used in an unserialize call at line 45. This could be exploited to inject arbitrary PHP objects into...