Lucene search
+L

1331 matches found

Cvelist
Cvelist
added 2010/01/19 4:0 p.m.39 views

CVE-2009-4605

scripts/setup.php aka the setup script in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the 1 configuration and 2 v0 parameters, which might allow remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...

6.4AI score0.0236EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2010/01/18 12:0 a.m.26 views

openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801)

The use of unserialize on POST data which could have lead to remote code execution CVE-2009-4605 has been fixed as well as some minor temporary file issues CVE-2008-7251, CVE-2008-7252. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...

10CVSS5.5AI score0.02665EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2009/12/31 12:0 a.m.40 views

PHP <= 5.3.0 DoS Vulnerability

PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

5CVSS6.8AI score0.0097EPSS
Exploits0References2
Prion
Prion
added 2009/12/24 5:30 p.m.26 views

Design/Logic Flaw

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service resource consumption via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many a:1: sequences...

5CVSS7AI score0.0097EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2009/12/24 5:0 p.m.94 views

CVE-2009-4418

CVE-2009-4418 concerns PHP 5.3.0 and earlier, where the unserialize function can be exploited to cause a denial of service via deeply nested serialized data (example pattern: a:1: followed by many {a:1: sequences}). The issue is a context-dependent DoS resulting in resource consumption. Affected ...

5CVSS6.5AI score0.0097EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2009/12/24 5:0 p.m.28 views

CVE-2009-4418

The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service resource consumption via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many a:1: sequences...

6.5AI score0.0097EPSS
Exploits0References2
canvas
canvas
added 2009/12/24 4:30 p.m.114 views

Immunity Canvas: PIWIK

Name| piwik ---|--- CVE| CVE-2009-4137 Exploit Pack| CANVAS Description| Piwik unserialize + destruct Notes| References: 'http://www.sektioneins.com/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4137' Notes: This...

7.5CVSS2.9AI score0.16949EPSS
Exploits2
Prion
Prion
added 2009/12/24 4:30 p.m.20 views

Code injection

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...

7.5CVSS8.2AI score0.16949EPSS
Exploits2References8Affected Software1
Debian CVE
Debian CVE
added 2009/12/24 4:0 p.m.13 views

CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...

7.5CVSS8.1AI score0.16949EPSS
Exploits2
CVE
CVE
added 2009/12/24 4:0 p.m.78 views

CVE-2009-4137

Summary (CVE-2009-4137) : The vulnerability in Piwik ≤ 0.4x/0.5 involves loadContentFromCookie() feeding data from cookies into unserialize(), enabling remote code execution or arbitrary file upload via multiple vectors that touch __destruct in Piwik_Config, php://filter URIs, Zend Framework comp...

7.5CVSS7.5AI score0.16949EPSS
Exploits2References8Affected Software1
seebug.org
seebug.org
added 2009/12/17 12:0 a.m.10 views

PHP会话数据还原序列化存在任意代码执行漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/12/17 12:0 a.m.44 views

Piwik 'unserialize()' PHP代码执行漏洞

Bugraq ID: 37312 CVE ID:CVE-2009-4137 Piwik是一款开源的WEB统计系统。 Piwik unserializes用户输入允许攻击者发送特殊构建的cookie,可导致以应用程序权限执行任意PHP代码。 Piwik从cookie中获得数据进行unserialize操作,通过反序列化部分Piwik的对象,可覆盖WEB服务上可写目录下的任意文件,攻击者借此可用于上传任意PHP文件并以WEB权限执行。 Piwik 0.2.32 Piwik 0.4 Piwik 0.3 Piwik 0.5已经修复此漏洞,建议用户下载使用:...

7.5CVSS6.4AI score0.16949EPSS
Exploits2
FreeBSD
FreeBSD
added 2009/12/10 12:0 a.m.37 views

piwik -- php code execution

secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...

7.5CVSS7.1AI score0.16949EPSS
Exploits2References3
securityvulns
securityvulns
added 2009/12/09 12:0 a.m.48 views

Advisory 02/2009: PHPIDS Unserialize&#40;&#41; Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHPIDS Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHPIDS = 0.6.2 Severity: PHPIDS unserializes user input which allows an attacker...

8AI score
Exploits0
securityvulns
securityvulns
added 2009/12/09 12:0 a.m.77 views

Advisory 03/2009: Piwik Cookie unserialize&#40;&#41; Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Piwik Cookie Unserialize Vulnerability Release Date: 2009/12/09 Last Modified: 2009/12/09 Author: Stefan Esser stefan.esseratsektioneins.de Application: Piwik = 0.4.5 Severity: Piwik unserializes user input which allows an...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2008/10/19 9:3 p.m.45 views

PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)

This module exploits an integer overflow vulnerability in the unserialize function of the PHP web server extension. This vulnerability was patched by Stefan in version 4.5.0 and applies all previous versions supporting this function. This particular module targets numerous web applications and is...

6.8CVSS7.6AI score0.40435EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2007/05/29 12:0 a.m.67 views

GLSA-200705-19 : PHP: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200705-19 PHP: Multiple vulnerabilities Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs MOPB by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the G...

7.8CVSS8AI score0.40435EPSS
Exploits15References17
Tenable Nessus
Tenable Nessus
added 2007/05/11 12:0 a.m.40 views

FreeBSD : php -- multiple vulnerabilities (f5e52bf5-fc77-11db-8163-000e0c2e438a)

The PHP development team reports : Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7 : - Fixed CVE-2007-1001, GD wbmp used with invalid image size - Fixed asciiz byte truncation inside mail - Fixed a bug in mbparsestr that can be used to activate registerglobals - Fixed unallocated memor...

6.8CVSS5.8AI score0.08321EPSS
Exploits1References4
exploitpack
exploitpack
added 2007/05/04 12:0 a.m.20 views

RunCMS 1.5.2 - debug_show.php SQL Injection

RunCMS 1.5.2 - debugshow.php SQL Injection no authentication is performed to run showfiles and showqueries functions, look at this now in /class/debug/debug.php: ... function showqueries$executedqueries, $sorted=0 global $db; $executedqueries = unserializeurldecode$executedqueries; if $sorted == ...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/04/30 12:0 a.m.66 views

Debian DSA-1282-1 : php4 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1286 Stefan Esser discovered an overflow ...

7.8CVSS6.1AI score0.40435EPSS
Exploits12References13
Rows per page
Query Builder