460 matches found
FreeBSD : wordpress -- multiple vulnerabilities (043d3a78-f245-4938-9bc7-3d0d35dd94bf)
The wordpress development team reports : - Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. - Prevent a user with an Author role, using a specially crafted request, from being able to create a post 'written by' another...
Moodle 'external.php' 'badge' Parameter XSS
The version of Moodle installed on the remote host fails to properly sanitize user-supplied input to the 'badge' parameter of the 'external.php' script. The application also fails to properly sanitize serialized objects. An attacker can exploit these issues by crafting a URL containing a serializ...
Debian Security Advisory DSA 2757-1 (wordpress - several vulnerabilities)
Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches...
Debian: Security Advisory (DSA-2757-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
wordpress -- multiple vulnerabilities
The wordpress development team reports: Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. F...
WordPress <= 3.6.0 - Arbitrary Code Execution
Unsafe PHP unserialization in wp-includes/functions.php could cause arbitrary code execution. Solution Update the plugin...
Puppet Unsafe YAML Unserialization
According to its self-reported version number, the Puppet install on the remote host has a remote code execution vulnerability. Specially crafted YAML encoded objects are not unserialized safely. A remote, unauthenticated attacker could exploit this to execute arbitrary code. The issue is...
CVE-2013-1453
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight...
CVE-2012-1605
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument."...
CVE-2012-1605
CVE-2012-1605 affects the TYPO3 Extbase Framework. The Connected sources confirm that the Extbase Framework in TYPO3 versions 4.6.x up to 4.6.6, 4.7, and 6.0 unserializes untrusted data, enabling remote attackers to unserialize arbitrary objects and potentially execute arbitrary code due to a mis...
PHP < 5.3.3 / 5.2.14 Multiple Vulnerabilities
Binary data 801070.prm...
PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities
Binary data 5616.prm...
Ubuntu Update for php5 vulnerabilities USN-424-1
Ubuntu Update for Linux kernel vulnerabilities USN-424-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4241.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-424-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)
USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Multiple buffer overflows have been discovered in various PHP modules. If a PHP application...
Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerabilities (USN-424-1)
Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server...
USN-424-2: PHP regression
USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple buffer overflows have been discovered in various PHP modules...
CVE-2007-0988
The zendhashinit function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service infinite loop by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a...
CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...
CVE-2019-10912: Prevent destructors with side-effects from being unserialized
More info at https://symfony.com/cve-2019-10912...
CVE-2019-10912: Prevent destructors with side-effects from being unserialized
More info at https://symfony.com/cve-2019-10912...