46 matches found
EUVD-2014-6175
Malware in sbrugna...
EUVD-2013-5143
Malware in sbrugna...
EUVD-2022-3029
Malicious code in bioql PyPI...
EUVD-2022-2172
Malicious code in bioql PyPI...
CVE-2020-23653
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
Insecure Unserialize Vulnerability in FLOW3
Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...
GHSA-XVCP-33RC-J8GQ Insecure Unserialize in TYPO3 Import/Export
Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed...
GHSA-7M7G-JQ4M-98W5 Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...
GHSA-47WW-MQ32-G4XW TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...
Deserialization of untrusted data
The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...
CVE-2021-23592 Deserialization of Untrusted Data
The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class...
CVE-2020-23653
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
CVE-2020-23653
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
Remote code execution
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
CVE-2020-23653
CVE-2020-23653 : ThinkAdmin versions 4.x–6.x contain an insecure unserialize vulnerability in two files, app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. The Red Hat and GHSA entries concur on the vulnerable components ...
CVE-2020-23653
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
PT-2021-10922 · Unknown · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin versions 4.x through 6.x Description: An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php...
CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...