1331 matches found
CVE-2009-4605
scripts/setup.php aka the setup script in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the 1 configuration and 2 v0 parameters, which might allow remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...
openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801)
The use of unserialize on POST data which could have lead to remote code execution CVE-2009-4605 has been fixed as well as some minor temporary file issues CVE-2008-7251, CVE-2008-7252. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
PHP <= 5.3.0 DoS Vulnerability
PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
Design/Logic Flaw
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service resource consumption via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many a:1: sequences...
CVE-2009-4418
CVE-2009-4418 concerns PHP 5.3.0 and earlier, where the unserialize function can be exploited to cause a denial of service via deeply nested serialized data (example pattern: a:1: followed by many {a:1: sequences}). The issue is a context-dependent DoS resulting in resource consumption. Affected ...
CVE-2009-4418
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service resource consumption via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many a:1: sequences...
Immunity Canvas: PIWIK
Name| piwik ---|--- CVE| CVE-2009-4137 Exploit Pack| CANVAS Description| Piwik unserialize + destruct Notes| References: 'http://www.sektioneins.com/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4137' Notes: This...
Code injection
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...
CVE-2009-4137
Summary (CVE-2009-4137) : The vulnerability in Piwik ≤ 0.4x/0.5 involves loadContentFromCookie() feeding data from cookies into unserialize(), enabling remote code execution or arbitrary file upload via multiple vectors that touch __destruct in Piwik_Config, php://filter URIs, Zend Framework comp...
PHP会话数据还原序列化存在任意代码执行漏洞
No description provided by source...
Piwik 'unserialize()' PHP代码执行漏洞
Bugraq ID: 37312 CVE ID:CVE-2009-4137 Piwik是一款开源的WEB统计系统。 Piwik unserializes用户输入允许攻击者发送特殊构建的cookie,可导致以应用程序权限执行任意PHP代码。 Piwik从cookie中获得数据进行unserialize操作,通过反序列化部分Piwik的对象,可覆盖WEB服务上可写目录下的任意文件,攻击者借此可用于上传任意PHP文件并以WEB权限执行。 Piwik 0.2.32 Piwik 0.4 Piwik 0.3 Piwik 0.5已经修复此漏洞,建议用户下载使用:...
piwik -- php code execution
secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...
Advisory 02/2009: PHPIDS Unserialize() Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHPIDS Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHPIDS = 0.6.2 Severity: PHPIDS unserializes user input which allows an attacker...
Advisory 03/2009: Piwik Cookie unserialize() Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Piwik Cookie Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: Piwik = 0.4.5 Severity: Piwik unserializes user input which allows an...
PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)
This module exploits an integer overflow vulnerability in the unserialize function of the PHP web server extension. This vulnerability was patched by Stefan in version 4.5.0 and applies all previous versions supporting this function. This particular module targets numerous web applications and is...
GLSA-200705-19 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200705-19 PHP: Multiple vulnerabilities Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs MOPB by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the G...
FreeBSD : php -- multiple vulnerabilities (f5e52bf5-fc77-11db-8163-000e0c2e438a)
The PHP development team reports : Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7 : - Fixed CVE-2007-1001, GD wbmp used with invalid image size - Fixed asciiz byte truncation inside mail - Fixed a bug in mbparsestr that can be used to activate registerglobals - Fixed unallocated memor...
RunCMS 1.5.2 - debug_show.php SQL Injection
RunCMS 1.5.2 - debugshow.php SQL Injection no authentication is performed to run showfiles and showqueries functions, look at this now in /class/debug/debug.php: ... function showqueries$executedqueries, $sorted=0 global $db; $executedqueries = unserializeurldecode$executedqueries; if $sorted == ...
Debian DSA-1282-1 : php4 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1286 Stefan Esser discovered an overflow ...