8123 matches found
HTTParty does not restrict casts of string values
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...
Improper Input Validation in multi_xml
multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...
Tuleap < 9.7 Object Injection Vulnerability
Tuleap is prone to an object injection vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Kaltura Remote PHP Code Execution over Cookie
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret which allows to sign arbitrary cookie data. After passing...
VulnCheck KEV: CVE-2017-15919
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...
WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found in WordPress Invite Anyone plugin versions =1.3.18. Solution Update the WordPress Invite Anyone plugin to the latest available version at least version 1.3.19...
Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection
The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...
Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection
The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...
WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress Appointments plugin versions =2.2.1. Solution Update the WordPress Appointments plugin to the latest available version at least 2.2.2...
WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress RegistrationMagic-Custom Registration Forms plugin versions = 3.7.9.2. Solution Update the WordPress RegistrationMagic-Custom Registration Forms plugin to the latest available version at least 3.7.9.3...
WordPress Flickr Gallery plugin <=1.5.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress Appointments plugin versions =1.5.2. Solution Update the WordPress Flickr Gallery plugin to the latest available version at least 1.5.3...
VulnCheck KEV: CVE-2017-20208
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 exclusive via deserialization of untrusted input from the isexpiredbydate function. This makes it...
Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection
The flickr-gallery WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...
VulnCheck KEV: CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...
VulnCheck KEV: CVE-2017-20207
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...
MarketPress <= 3.2.6 - PHP Object Injection
The MarketPress plugin installs to a directory named wordpress-ecommerce versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. PoC Send an object to the site using the mpglobalcart cookie value and it will be...
MarketPress <= 3.2.6 - PHP Object Injection
The MarketPress plugin installs to a directory named wordpress-ecommerce versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. Send an object to the site using the mpglobalcart cookie value and it will be...
WordPress MarketPress plugin <=3.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability found by Robert R in WordPress MarketPress plugin versions =3.2.6 . Solution Update the WordPress MarketPress plugin to the latest available version at least 3.2.7...
WordPress Shoppable Images Lite plugin <=1.0.0 - Cross-Site Request Forgery (CSRF)/PHP Object Injection Vulnerabilities
WordPress Shoppable Images Lite plugin Cross-Site Request Forgery CSRF/PHP Object Injection Vulnerabilities were found in the showadminnotices function. The value of $GET nonce variable is unserialized, which allows PHP object injection. Solution Update the plugin...
Kaltura PHP Object Injection Vulnerability
Kaltura is a suite of open source online video platforms from the US company Kaltura. A security vulnerability exists in the 'getUserzoneCookie' function in Kaltura versions prior to 13.2.0. A remote attacker can exploit this vulnerability with a specially crafted userzone cookie to bypass the...