Type confusion
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call...
KLA10746 Multiple vulnerabilities in PHP
Multiple serious vulnerabilities have been found in PHP. Malicious users can exploit these vulnerabilities to cause denial of service, affect arbitrary files, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple integer overflows can be...
CVE-2015-8835
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute...
Apache TomEE 'EjbObjectInputStream' Arbitrary Command Execution Vulnerability
Apache TomEE is a Java EE server developed by the Apache Software Foundation. A security vulnerability in the 'EjbObjectInputStream' class of Apache TomEE allows remote attackers to submit a serialized Java data stream to execute arbitrary commands...
DEBIAN-CVE-2015-8377
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action...
CVE-2015-8377
CVE-2015-8377 affects Cacti up to version 0.8.8f. The vulnerability is a SQL injection in the host_new_graphs_save function (graphs_new.php) that allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter during a save ac...
CVE-2015-8377
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action...
Apache Commons Components InvokerTransformer Deserialization Arbitrary Code Execution Vulnerability
Apache Commons contains many open source tools that solve commonly encountered programming problems and reduce duplication of effort. Apache Commons Components InvokerTransformer deserialization has a security vulnerability that allows a remote user to send special data to an...
Commvault Edge Server Web Console OS Command Injection Vulnerability
Commvault Edge Server is a suite of Simpana-based software that provides end-users with automated data protection and instant access. A security vulnerability in the web console of Commvault Edge Server allows remote attackers to execute arbitrary OS commands using specially crafted serialized da...
CVE-2015-7253
The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie...
UBUNTU-CVE-2015-6836
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call...
Code injection
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data...
CVE-2014-1972
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data...
CVE-2014-1972
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data...
Memory corruption
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data...
CVE-2015-1280
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data...
CVE-2015-1280
Removed by vendor...
CVE-2015-1280
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data...
SQL injection
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie...
CVE-2015-4129
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie...