Lucene search

52 matches found

Veracode
added 2019/03/18 6:47 a.m., 11 views

Prototype Pollution

safer-eval is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary objects using Object.constructor to execute arbitrary code...

CVSS 9.9 | AI score 9.4 | EPSS 0.10849
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2017/08/29 3:29 p.m., 14 views

Code injection

NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors...

CVSS 4 | AI score 6.2 | EPSS 0.00451
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2016/10/30 12:0 a.m., 2 views

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

CVSS 9.8 | AI score 7.4 | EPSS 0.12558
Exploits: 4 | References: 1
Cvelist
added 2016/09/27 3:0 p.m., 24 views

CVE-2016-4978

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...

AI score 8.3 | EPSS 0.0136
Exploits: 0 | References: 20
CNVD
added 2016/03/17 12:0 a.m., 1 views

SPIP code injection vulnerability

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A code injection vulnerability exists in SPIP. An attacker can exploit this vulnerability to inject arbitrary objects with the help of deserialization of untrustworthy content...

CVSS 9.8 | AI score 7.7 | EPSS 0.01459
Exploits: 0 | References: 1
NVD
added 2014/01/17 8:55 p.m., 9 views

CVE-2014-0792

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types...

CVSS 7.5 | AI score 7.7 | EPSS 0.03052
Exploits: 0 | References: 3
Prion
added 2014/01/17 8:55 p.m., 12 views

Code injection

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types...

CVSS 7.5 | AI score 8.3 | EPSS 0.03052
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2014/01/17 4:0 p.m., 41 views

CVE-2014-0792

Affected: Sonatype Nexus 1.x and 2.x prior to 2.7.1. Vulnerability: remote code execution through unmarshalling of unintended Object types in Nexus (XStream-based deserialization). Impact: attacker could create arbitrary objects and execute arbitrary code remotely. Root cause: unsafe deserializat...

CVSS 7.5 | AI score 7.9 | EPSS 0.03052
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2013/02/08 12:0 a.m., 3 views

PT-2013-3150 · Cubecart · Cubecart

Name of the Vulnerable Software and Affected Versions: CubeCart versions 5.0.0 through 5.2.0. Description: The issue allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter. This can be used to modify the application configuration using the Config object...

CVSS 9.8 | AI score 9.1 | EPSS 0.3101
Exploits: 6 | References: 13
NVD
added 2012/09/05 11:55 p.m., 21 views

CVE-2012-3527

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

CVSS 4.6 | AI score 7.1 | EPSS 0.02065
Exploits: 0 | References: 6
Prion
added 2012/09/05 11:55 p.m., 18 views

Design/Logic Flaw

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

CVSS 4.6 | AI score 7.7 | EPSS 0.02065
Exploits: 0 | References: 6 | Affected Software: 2
Cvelist
added 2012/09/05 11:0 p.m., 22 views

CVE-2012-3527

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

AI score 7 | EPSS 0.02065
Exploits: 0 | References: 6