Lucene search
+L

30 matches found

prion
prion
added 2018/07/23 3:29 p.m.19 views

Remote code execution

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This...

7.5CVSS9.7AI score0.03413EPSS
Exploits0References2Affected Software1
osv
osv
added 2018/07/23 3:29 p.m.14 views

CVE-2018-1999019

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This...

9.8CVSS7.8AI score
Exploits0References2
prion
prion
added 2018/07/13 8:29 p.m.13 views

Design/Logic Flaw

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application...

10CVSS8.1AI score0.22011EPSS
Exploits0References3Affected Software1
osv
osv
added 2017/08/18 3:29 a.m.34 views

CVE-2017-12933

The finishnesteddata function in ext/standard/varunserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

9.8CVSS6.9AI score
Exploits0References9
osv
osv
added 2017/08/18 3:29 a.m.4 views

UBUNTU-CVE-2017-12934

ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

7.5CVSS7.2AI score0.03634EPSS
Exploits0References3
osv
osv
added 2017/08/18 3:29 a.m.5 views

UBUNTU-CVE-2017-12932

ext/standard/varunserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

9.8CVSS7.3AI score0.0742EPSS
Exploits0References3
debiancve
debiancve
added 2017/08/18 3:0 a.m.47 views

CVE-2017-12934

Removed by vendor...

7.5CVSS8.6AI score0.03634EPSS
Exploits0
osv
osv
added 2017/02/23 4:28 p.m.4 views

USN-3211-1 php7.0 vulnerabilities

It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-7479 It was discovered that PHP incorrectly handled certain...

9.8CVSS7.4AI score0.41943EPSS
Exploits6References11
zdt
zdt
added 2016/11/19 12:0 a.m.26 views

Relevanssi Premium 1.14.4 Code Execution Vulnerability

An unserialization vulnerability in Relevanssi Premium version 1.14.4 could allow for code execution. Details ================ Software: Relevanssi Premium Version: v1.14.4 Homepage: https://www.relevanssi.com/ Advisory report:...

7.4AI score
Exploits0
redhat
redhat
added 2015/06/23 8:11 a.m.3 views

php: use after free vulnerability in unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

7.5CVSS7.6AI score0.53166EPSS
Exploits8References4
Rows per page
Query Builder