CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8041 matches found

Exploit DB•added 2013/02/07 12:0 a.m.•37 views

CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection

------------------------------------------------------------------------- CubeCart set'shipping', unserializebase64urldecode$POST'shipping'; 522. if !isset$POST'proceed' 523. httpredircurrentPage; 524. 525. User input passed through the $POST'shipping' parameter is not properly sanitized before...

9.8CVSS9.6AI score0.07086EPSS

Exploits6

Packet Storm•added 2013/02/06 12:0 a.m.•42 views

CubeCart 5.2.0 PHP Object Injection

7.5CVSS0.07086EPSS

Exploits6

OSV•added 2013/01/13 10:55 p.m.•3 views

DEBIAN-CVE-2013-0156

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

7.5CVSS7.5AI score0.99449EPSS

Exploits21References1

OSV•added 2013/01/13 10:55 p.m.•11 views

CVE-2013-0156

7.5CVSS7.5AI score0.99449EPSS

Exploits21References17

UbuntuCve•added 2013/01/13 10:55 p.m.•44 views

CVE-2013-0156

7.5CVSS7.5AI score0.99449EPSS

Exploits21References3

OSV•added 2013/01/13 10:55 p.m.•1 views

UBUNTU-CVE-2013-0156

7.5CVSS7.4AI score0.99449EPSS

Exploits21References4

ATTACKERKB•added 2013/01/13 10:55 p.m.•5 views

CVE-2013-0156

7.5CVSS6AI score0.99449EPSS

Exploits21References25

NVD•added 2013/01/13 10:55 p.m.•30 views

CVE-2013-0156

7.5CVSS7.1AI score0.99449EPSS

Exploits21References14

CVE•added 2013/01/13 10:0 p.m.•308 views

CVE-2013-0156

CVE-2013-0156 is a vulnerability in Ruby on Rails where active_support/core_ext/hash/conversions.rb fails to restrict casts of string values, enabling object-injection that can lead to remote code execution or a DoS via nested XML entities. Affected are Rails before 2.3.15, 3.0.x before 3.0.19, 3...

7.5CVSS9.6AI score0.99449EPSS

Exploits21References14Affected Software2

Cvelist•added 2013/01/13 10:0 p.m.•33 views

CVE-2013-0156

7.2AI score0.99449EPSS

Exploits21References14

Debian CVE•added 2013/01/13 10:0 p.m.•54 views

CVE-2013-0156

7.5CVSS9.4AI score0.99449EPSS

Exploits21

Positive Technologies•added 2013/01/13 12:0 a.m.•5 views

PT-2013-2139

Name of the Vulnerable Software and Affected Versions Ruby on Rails versions 2.3.15 and earlier Ruby on Rails versions 3.0.x through 3.0.18 Ruby on Rails versions 3.1.x through 3.1.9 Ruby on Rails versions 3.2.x through 3.2.10 Description The issue allows remote attackers to conduct...

7.5CVSS7.3AI score0.99449EPSS

Exploits27References57

RedHat Linux•added 2013/01/10 10:32 p.m.•3 views

rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

7.5CVSS7.5AI score0.99449EPSS

Exploits21References4

RedHat Linux•added 2013/01/10 8:39 p.m.•3 views

rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

7.5CVSS7.5AI score0.99449EPSS

Exploits21References4

RedHat Linux•added 2013/01/10 8:36 p.m.•1 views

rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

7.5CVSS7.5AI score0.99449EPSS

Exploits21References4

RubySec•added 2013/01/08 12:0 a.m.•44 views

CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

7.5CVSS6.3AI score0.99449EPSS

Exploits21References1Affected Software1

Exploit DB•added 2012/11/07 12:0 a.m.•50 views

Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass

?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, "\0" === false if strpos $serialized...

10CVSS7AI score0.24905EPSS

Exploits15

seebug.org•added 2012/11/04 12:0 a.m.•36 views

Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution

No description provided by source. ?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX...

10CVSS6.4AI score0.24905EPSS

Exploits15

Exploit DB•added 2012/11/01 12:0 a.m.•73 views

Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution

?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software...

10CVSS6.4AI score0.24905EPSS

Exploits15

Packet Storm•added 2010/01/18 12:0 a.m.•18 views

Xunlei XPPlayer Active-X Remote Execution

PARAM NAME="VodUrl"...

1.6AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by