453 matches found

NVD (added 2018/01/30 8:29 p.m., 11 views)

CVE-2018-6195

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows authenticated administrator, editor, or author remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter t...

CVSS 7.2, AI score 7.1, EPSS 0.05847
Exploits: 2, References: 4

VulnCheck KEV (added 2017/12/02 12:00 a.m., 2 views)

VulnCheck KEV: CVE-2017-12149

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data...

CVSS 9.8, AI score 7.8, EPSS 0.94294
Exploits: 14, References: 1

CNVD (added 2017/11/21 12:00 a.m., 2 views)

Cacti PHP Object Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool uses snmpget to collect data, uses RRDtool to draw graphs for analysis, and provides data and user management features. A security vulnerability exists in versions of Cacti prior to 1.0.0...

CVSS 8.8, AI score 7.5, EPSS 0.011
Exploits: 0, References: 1

wpexploit (added 2017/10/12 12:00 a.m., 13 views)

Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection

The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens the site up to a potential PHP object injection exploit vector. Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...

AI score 0.5
Exploits: 0, References: 1

WPVulnDB (added 2017/10/12 12:00 a.m., 12 views)

Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection

The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens the site up to a potential PHP object injection exploit vector. PoC: Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...

AI score 1.1
Exploits: 0, References: 1, Affected Software: 1

Cvelist (added 2017/10/04 8:00 p.m., 28 views)

CVE-2017-12149

In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code vi...

AI score 9.8, EPSS 0.94294
Exploits: 14, References: 5

ATTACKERKB (added 2017/10/04 12:00 a.m., 190 views)

CVE-2017-12149

In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code vi...

CVSS 9.8, AI score 9.7, EPSS 0.94294
Exploited in the wild; Exploits: 14, References: 6

Check Point Advisories (added 2017/10/01 12:00 a.m., 3 views)

Elastic Elasticsearch ThrowableObjectInputStream Insecure Deserialization (CVE-2015-5377)

An insecure deserialization vulnerability exists in Elastic Elasticsearch. This vulnerability is due to the deserialization of untrusted ThrowableObjectInputStream data. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted serialized data to the target application...

CVSS 7.5, AI score 8.9, EPSS 0.39895
Exploits: 5

Ivan 'd0znpp' Novikov (added 2017/08/06 3:36 a.m., 252 views)

SSRF, Memcached and other key-value injections in the wild

Back in 2012 we released SSRF, a set of different techniques to exploit Memcached servers and other services with host-based authentication through SSRF. Two years later, in 2014, I presented Memcached injection techniques at Black Hat USA. There I mentioned that it's possible to exploit it as a Remot...

AI score 8.2
Exploits: 0

Veracode (added 2017/07/30 9:59 p.m., 26 views)

PHP Object Injection

Moodle is vulnerable to PHP object injection and arbitrary code execution. The repositories component of Moodle contains a flaw which allows these attacks through serialized data containing objects defined in an add-on...

CVSS 7.5, AI score 7.1, EPSS 0.01935
Exploits: 0, References: 4, Affected Software: 1

myhack58 (added 2017/04/12 12:00 a.m., 88 views)

Drupal 7.x Service Module SQLi & RCE vulnerability analysis and EXP - vulnerability warning - the black bar safety net

Drupal 7.x Service Module SQLi & RCE. During an audit of the Drupal Service module, an insecure call to the unserialize function was detected. The vulnerability can lead to privilege escalation, SQL injection, and remote code execution. 0x00 Service Module: In Drupal, the Service modu...

AI score 7.8
Exploits: 0

Prion (added 2017/03/23 5:59 p.m., 21 views)

Code injection

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in the webroot...

CVSS 10, AI score 8.1, EPSS 0.4714
Exploits: 1, References: 5, Affected Software: 1

CVE (added 2017/03/23 5:00 p.m., 58 views)

CVE-2014-8731

PHPMemcachedAdmin 1.2.2 and earlier is affected by CVE-2014-8731. The vulnerability allows remote code execution through vectors involving serialized data and the last part of the concatenated filename, which can create a file in the webroot. Affected software is PHPMemcachedAdmin (web-based fron...

CVSS 10, AI score 9.5, EPSS 0.4714
Exploits: 1, References: 5, Affected Software: 1

OpenVAS (added 2017/03/07 12:00 a.m., 84 views)

F5 BIG-IP - PHP vulnerability CVE-2016-7124

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call...

CVSS 9.8, AI score 8.5, EPSS 0.74663
Exploits: 8, References: 1

NVD (added 2017/03/03 3:59 p.m., 12 views)

CVE-2017-5830

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts...

CVSS 9.8, AI score 9.7, EPSS 0.03495
Exploits: 0, References: 3

Prion (added 2017/03/03 3:59 p.m., 11 views)

Design/Logic Flaw

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts...

CVSS 7.5, AI score 9.7, EPSS 0.03495
Exploits: 0, References: 3, Affected Software: 1

CVE (added 2017/03/03 3:00 p.m., 54 views)

CVE-2017-5830

CVE-2017-5830 affects Revive Adserver prior to 4.0.1, where an attacker can execute arbitrary code by sending serialized data in cookies used by delivery scripts. The impact is remote code execution with high severity (per CVSS scores in sources). Affected component: the delivery-script cookies h...

CVSS 9.8, AI score 9.7, EPSS 0.03495
Exploits: 0, References: 3, Affected Software: 1

Cvelist (added 2017/03/03 3:00 p.m., 13 views)

CVE-2017-5830

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts...

AI score 9.8, EPSS 0.03495
Exploits: 0, References: 3

Check Point Advisories (added 2017/02/26 12:00 a.m., 2 views)

PHP zend_hash_destroy Uninitialized Pointer Code Execution (CVE-2017-5340)

An access-of-uninitialized-pointer vulnerability exists in PHP. A remote attacker can exploit this vulnerability by sending crafted serialized data to an affected PHP application. Successful exploitation could result in arbitrary code execution under the context of the target application...

CVSS 7.5, AI score 9.4, EPSS 0.05169
Exploits: 2

Check Point Advisories (added 2017/02/23 12:00 a.m., 5 views)

HPE Operations Orchestration Insecure Deserialization (CVE-2016-8519)

An insecure deserialization vulnerability has been reported in HPE Operations Orchestration. The vulnerability is due to the deserialization of untrusted data in several servlets used for backwards compatibility with older API versions. A remote, unauthenticated attacker can exploit this...

CVSS 10, AI score 2.8, EPSS 0.57598
Exploits: 0