EUVD-2022-3029

Malicious code in bioql PyPI...

CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

Insecure Unserialize Vulnerability in FLOW3

Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

GHSA-XVCP-33RC-J8GQ Insecure Unserialize in TYPO3 Import/Export

Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed...

GHSA-7M7G-JQ4M-98W5 Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize

Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...

Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize

Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...

GHSA-47WW-MQ32-G4XW TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize

Unspecified vulnerability in the Apache Solr for TYPO3 solr extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."...

CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

CVE-2020-23653

CVE-2020-23653 : ThinkAdmin versions 4.x–6.x contain an insecure unserialize vulnerability in two files, app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. The Red Hat and GHSA entries concur on the vulnerable components ...

PT-2021-10922 · Unknown · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin versions 4.x through 6.x Description: An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php...

CVE-2019-19826

The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...

CVE-2019-19826

The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/viewshandlerfilterdynamicfields.inc, as demonstrated by PHP object injection, involving a fieldnames object and an ArchiveTar object, for file deletion. Code execution might also be...

Insecure Unserialize in TYPO3 Backend

It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: November 22, 2016 Vulnerable subcomponent: Backend Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.28, 7.6.0 to 7.6.12 and 8.0.0 to 8.4.0 Severity:...

Insecure Unserialize in TYPO3 Import/Export

It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Import/Export Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity:...

Insecure Unserialize in extension "Page path" (pagepath)

It has been discovered that the extension "Page path" pagepath is susceptible to Insecure Unserialize. Release Date: July 7, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.3 and below Vulnerability Type:...

Multiple vulnerabilities in extension "Fe user statistic" (festat)

It has been discovered that the extension "Fe user statistic" festat is susceptible to Cross-Site Scripting, Insecure Unserialize and Information Disclosure. Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affecte...

CVE-2014-6290

The News ttnews extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue...

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...