Lucene search
K

52 matches found

ATTACKERKB
ATTACKERKB
added 2022/07/29 6:48 a.m.3 views

CVE-2022-35223

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...

9.8CVSS6.1AI score0.0129EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.68 views

DotNetNuke (DNN) Remote Code Execution Vulnerability

DotNetNuke DNN contains a vulnerability that may allow for remote code execution via cookie deserialization...

8.8CVSS8.9AI score0.94789EPSS
In wildExploits6
CNNVD
CNNVD
added 2021/03/03 12:0 a.m.7 views

WordPress 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. wp-hotel-booking is a plugin for WordPress. A security vulnerability exists in wp-hotel-booking plugin 1.10.2...

9.8CVSS6.4AI score0.16017EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-9822

DotNetNuke DNN contains a vulnerability that may allow for remote code execution via cookie deserialization...

8.8CVSS7.8AI score0.94789EPSS
Exploits6References1
NVD
NVD
added 2020/12/31 5:15 a.m.18 views

CVE-2019-7725

includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...

9.8CVSS9.4AI score0.02535EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.6 views

Vinades NukeViet Code Issue Vulnerability

Vinades NukeViet is an open source Content Management System CMS from VINADES Vinades Vietnam. A security vulnerability exists in NukeViet before 4.3.04, which stems from includes/core/isuser.php deserializing untrusted cookies...

9.8CVSS5.8AI score0.02535EPSS
Exploits0References4
Metasploit
Metasploit
added 2020/12/10 5:41 p.m.98 views

GitLab File Read Remote Code Execution

This module provides remote code execution against GitLab Community Edition CE and Enterprise Edition EE. It combines an arbitrary file read to extract the Rails "secretkeybase", and gains remote code execution with a deserialization vulnerability of a signed 'experimentationsubjectid' cookie tha...

5.5CVSS6.2AI score0.42741EPSS
Exploits10
0day.today
0day.today
added 2020/12/10 12:0 a.m.144 views

GitLab File Read Remote Code Execution Exploit

This Metasploit module provides remote code execution against GitLab Community Edition CE and Enterprise Edition EE. It combines an arbitrary file read to extract the Rails secretkeybase, and gains remote code execution with a deserialization vulnerability of a signed experimentationsubjectid...

5.5CVSS6.2AI score0.42741EPSS
Exploits10
Cvelist
Cvelist
added 2019/12/17 3:8 p.m.30 views

CVE-2019-18956

Divisa Proxia Suite 9 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 10.0.32, and 10.1 10.1.5, SparkSpace 1.0 1.0.30, 1.1 1.1.2, and 1.2 1.2.4, and Proxia PHR 1.0 1.0.30 and 1.1 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely...

9.9AI score0.05765EPSS
Exploits1References1
OSV
OSV
added 2018/02/06 12:0 a.m.9 views

UBUNTU-CVE-2016-3957

The secureload function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryptionkey...

9.8CVSS7.2AI score0.0499EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2017/10/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/25 12:0 a.m.5 views

NancyFX Nancy Remote Code Execution Vulnerability

NancyFX Nancy is a lightweight framework . The framework is used to build HTTP services on the .NET Framework or .NET Core. A security vulnerability exists in the Csrf.cs file in NancyFX Nancy versions prior to 1.4.4 and 2.x versions prior to 2.0-dangermouse. A remote attacker can exploit this...

9.8CVSS7.4AI score0.03095EPSS
Exploits0References1
Rows per page
Query Builder