295 matches found

NVD
added 2011/01/14 11:0 p.m. · 10 views

CVE-2010-4335

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by...

CVSS 7.5 · AI score 7.3 · EPSS 0.82639
Exploits: 3 · References: 7
OSV
added 2011/01/14 11:0 p.m. · 4 views

DEBIAN-CVE-2010-4335

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by...

CVSS 7.5 · AI score 7.4 · EPSS 0.82639
Exploits: 3 · References: 1
OSV
added 2011/01/14 11:0 p.m. · 3 views

CVE-2010-4335

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by...

AI score 7.2
Exploits: 0 · References: 7
Prion
added 2011/01/14 11:0 p.m. · 13 views

Code injection

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by...

CVSS 7.5 · AI score 7.9 · EPSS 0.82639
Exploits: 3 · References: 7 · Affected Software: 1
UbuntuCve
added 2011/01/14 11:0 p.m. · 21 views

CVE-2010-4335

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by...

CVSS 7.5 · AI score 6.2 · EPSS 0.82639
Exploits: 3 · References: 1
Cvelist
added 2011/01/14 10:0 p.m. · 18 views

CVE-2010-4335

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by...

AI score 7.2 · EPSS 0.82639
Exploits: 3 · References: 7
CVE
added 2011/01/14 10:0 p.m. · 65 views

CVE-2010-4335

CakePHP 1.2.8 and 1.3.x up to 1.3.5 are affected. The _validatePost function in libs/controller/components/security.php processes a crafted data[_Token][fields] value with unserialize, allowing remote attackers to modify the internal Cake cache and execute arbitrary code (demonstrated via modifyi...

CVSS 7.5 · AI score 7.5 · EPSS 0.82639
Exploits: 3 · References: 7 · Affected Software: 2
Debian CVE
added 2011/01/14 10:0 p.m. · 30 views

CVE-2010-4335

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by...

CVSS 7.5 · AI score 7.2 · EPSS 0.82639
Exploits: 3
Positive Technologies
added 2011/01/14 12:0 a.m. · 3 views

PT-2011-1505 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions 1.2.8 through 1.3.5 Description: The issue allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function. This can be...

CVSS 7.5 · AI score 7.5 · EPSS 0.82639
Exploits: 3 · References: 17
Exploit DB
added 2011/01/14 12:0 a.m. · 52 views

CakePHP 1.3.5/1.2.8 - Cache Corruption (Metasploit)

$Id: cakephpcachecorruption.rb 11579 2011-01-14 16:25:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 7.5 · AI score 7 · EPSS 0.82639
Exploits: 3
Packet Storm
added 2010/11/20 12:0 a.m. · 57 views

CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit

$Id: cakephpcachecorruption.rb 11074 2010-11-19 20:43:56Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Exploits: 0
Metasploit
added 2010/11/19 6:30 p.m. · 29 views

CakePHP Cache Corruption Code Execution

CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP versions 1.3.5 and earlier and 1.2.8 and earlier is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of th...

CVSS 7.5 · AI score 8.4 · EPSS 0.82639
Exploits: 3
Packet Storm
added 2010/11/16 12:0 a.m. · 23 views

CakePHP 1.3.5 / 1.2.8 Cache Corruption

!/usr/bin/python burnedCake.py - CakePHP = 1.3.5 / 1.2.8 Cache Corruption Exploit written by [email protected] This code exploits a unserialize vulnerability in the CakePHP security component. See http://malloc.im/CakePHP-unserialize.txt for a detailed analysis of the vulnerability. The exploit...

Exploits: 0
0day.today
added 2010/01/16 12:0 a.m. · 25 views

CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability

Exploit for php platform in category web applications CakePHP data; $token = urldecode($check['_Token']['fields']); if (strpos($token, ':')) { list($token, $locked) = explode(':', $token, 2); } $locked = unserialize(str_rot13($locked)); -- snip -- The $check array contains our POST data and $locked is a simple rot-13...

AI score 7.1
Exploits: 0
securityvulns
added 2009/07/06 12:0 a.m. · 77 views

CakePHP 1.1.20 Local File Inclusion Vulnerability

CakePHP 1.1.20 Local File Inclusion Vulnerability. Discovered by Cru3l.b0y, WwW.DeltaHacking.Net. AUTHOR : Cru3l.b0y APPLICATION : CakePHP...

AI score 1.1
Exploits: 0
Packet Storm
added 2009/07/06 12:0 a.m. · 29 views

CakePHP 1.1.20 Local File Inclusion

CakePHP 1.1.20 Local File Inclusion Vulnerability. Discovered by Cru3l.b0y, WwW.DeltaHacking.Net. AUTHOR : Cru3l.b0y...

AI score 7.4
Exploits: 0
NVD
added 2006/10/27 6:7 p.m. · 9 views

CVE-2006-5594

PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP...

CVSS 7.5 · AI score 7.5 · EPSS 0.00717
Exploits: 0 · References: 3
Cvelist
added 2006/10/27 6:0 p.m. · 16 views

CVE-2006-5594

PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP...

AI score 7.5 · EPSS 0.00717
Exploits: 0 · References: 3
OSV
added 2006/09/27 11:7 p.m. · 1 view

DEBIAN-CVE-2006-5031

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename...

CVSS 5 · AI score 6.9 · EPSS 0.0688
Exploits: 1 · References: 1
OSV
added 2006/09/27 11:7 p.m. · 3 views

CVE-2006-5031

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename...

AI score 6.5
Exploits: 0 · References: 6