Lucene search
K

460 matches found

Tenable Nessus
Tenable Nessus
added 2013/10/20 12:0 a.m.41 views

FreeBSD : wordpress -- multiple vulnerabilities (043d3a78-f245-4938-9bc7-3d0d35dd94bf)

The wordpress development team reports : - Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. - Prevent a user with an Author role, using a specially crafted request, from being able to create a post 'written by' another...

7.5CVSS5.2AI score0.08749EPSS
Exploits8References7
Tenable Nessus
Tenable Nessus
added 2013/09/20 12:0 a.m.112 views

Moodle 'external.php' 'badge' Parameter XSS

The version of Moodle installed on the remote host fails to properly sanitize user-supplied input to the 'badge' parameter of the 'external.php' script. The application also fails to properly sanitize serialized objects. An attacker can exploit these issues by crafting a URL containing a serializ...

7.5CVSS5.8AI score0.02098EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2013/09/14 12:0 a.m.30 views

Debian Security Advisory DSA 2757-1 (wordpress - several vulnerabilities)

Several vulnerabilities were identified in Wordpress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the Wordpress package to the latest upstream version instead of backporting the patches...

7.5CVSS0.08749EPSS
Exploits8References1
OpenVAS
OpenVAS
added 2013/09/13 12:0 a.m.20 views

Debian: Security Advisory (DSA-2757-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.08749EPSS
Exploits8References3
FreeBSD
FreeBSD
added 2013/09/11 12:0 a.m.49 views

wordpress -- multiple vulnerabilities

The wordpress development team reports: Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. F...

7.5CVSS6.3AI score0.08749EPSS
Exploits7References1
Patchstack
Patchstack
added 2013/06/12 12:0 a.m.25 views

WordPress <= 3.6.0 - Arbitrary Code Execution

Unsafe PHP unserialization in wp-includes/functions.php could cause arbitrary code execution. Solution Update the plugin...

7.5CVSS4.4AI score0.08749EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/04/26 12:0 a.m.33 views

Puppet Unsafe YAML Unserialization

According to its self-reported version number, the Puppet install on the remote host has a remote code execution vulnerability. Specially crafted YAML encoded objects are not unserialized safely. A remote, unauthenticated attacker could exploit this to execute arbitrary code. The issue is...

7.5CVSS8.4AI score0.04558EPSS
Exploits0References3
NVD
NVD
added 2013/02/13 1:55 a.m.33 views

CVE-2013-1453

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight...

7.5CVSS7.4AI score0.03149EPSS
Exploits6References4
NVD
NVD
added 2012/09/04 8:55 p.m.28 views

CVE-2012-1605

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument."...

5CVSS7.6AI score0.02365EPSS
Exploits0References4
CVE
CVE
added 2012/09/04 8:0 p.m.62 views

CVE-2012-1605

CVE-2012-1605 affects the TYPO3 Extbase Framework. The Connected sources confirm that the Extbase Framework in TYPO3 versions 4.6.x up to 4.6.6, 4.7, and 6.0 unserializes untrusted data, enabling remote attackers to unserialize arbitrary objects and potentially execute arbitrary code due to a mis...

5CVSS7.8AI score0.02365EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/07/27 12:0 a.m.36 views

PHP < 5.3.3 / 5.2.14 Multiple Vulnerabilities

Binary data 801070.prm...

7.5CVSS7.3AI score0.05342EPSS
Exploits15References15
Tenable Nessus
Tenable Nessus
added 2010/07/27 12:0 a.m.19 views

PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities

Binary data 5616.prm...

7.5CVSS7.3AI score0.11528EPSS
Exploits18References18
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.32 views

Ubuntu Update for php5 vulnerabilities USN-424-1

Ubuntu Update for Linux kernel vulnerabilities USN-424-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4241.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-424-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10CVSS0.7AI score0.11752EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.40 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 regression (USN-424-2)

USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Multiple buffer overflows have been discovered in various PHP modules. If a PHP application...

10CVSS6.6AI score0.11752EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.37 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : php5 vulnerabilities (USN-424-1)

Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server...

10CVSS6.6AI score0.11752EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2007/03/08 7:4 a.m.75 views

USN-424-2: PHP regression

USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple buffer overflows have been discovered in various PHP modules...

6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2007/02/20 5:0 p.m.31 views

CVE-2007-0988

The zendhashinit function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service infinite loop by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a...

7.3AI score0.02308EPSS
Exploits0References45
Debian CVE
Debian CVE
added 2006/11/21 11:0 p.m.17 views

CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...

6.5CVSS4.4AI score0.0226EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.24 views

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

More info at https://symfony.com/cve-2019-10912...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.29 views

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

More info at https://symfony.com/cve-2019-10912...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Rows per page
Query Builder