CVE-2014-8165
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...
CVE-2014-5340
The wato component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL...
CVE-2014-0485
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/...
Design/Logic Flaw
The wato component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL...
CVE-2014-1613
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
Default credentials
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...
UBUNTU-CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...
CVE-2013-5350
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...
openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...
UBUNTU-CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
Updated openjpa packages fix CVE-2013-1768
Updated openjpa packages fix security vulnerability: The BrokerFactory functionality in Apache OpenJPA before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to...
CVE-2013-5942
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...