4 matches found
Freescout Helper::decrypt() function deserialization vulnerability
FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from an application that...
Remote Code Execution (RCE)
Picklescan is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient detection of dangerous deserialization behavior due to bypassing security checks by invoking benign built-in functions like timeit.timeit in the reduce method, which are not blacklisted and allow...
CVE-2024-28861
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in sfNamespacedParameterHolder class that would enable an attacker to get remot...
CVE-2024-28861 Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in sfNamespacedParameterHolder class that would enable an attacker to get remot...