95 matches found

Gitee
added 2020/11/17 10:9 a.m. | 6 views

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including but not limited to Burt Force (brute-force vulnerability), XSS (cross-site scripting vulnerability), CSRF (cross-site request forgery), SQL-Inject (SQL injection vulnerability), RCE (remote command/code execution),...

6.2 AI score
Exploits: 0
GithubExploit
added 2020/07/21 5:39 a.m. | 135 views

Exploit for Deserialization of Untrusted Data in Sygnoos Popup_Builder

CVE-2020-9006: Wordpress Popup-Builder Plugin Exploit Usage:...

9.8 CVSS | 9.9 AI score | 0.0856 EPSS
Exploits: 2
OpenVAS
added 2020/02/25 12:0 a.m. | 31 views

WordPress Popup Builder Plugin 2.2.8 < 3.0 SQL Injection Vulnerability

The WordPress plugin...

9.8 CVSS | 9.7 AI score | 0.0856 EPSS
Exploits: 2 | References: 2
NVD
added 2020/02/17 3:15 p.m. | 15 views

CVE-2020-9006

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection in the sgImportPopups function in sgpopupajax.php via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator...

9.8 CVSS | 10 AI score | 0.0856 EPSS
Exploits: 2 | References: 4
Prion
added 2020/02/17 3:15 p.m. | 17 views

Sql injection

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection in the sgImportPopups function in sgpopupajax.php via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator...

7.5 CVSS | 10 AI score | 0.0856 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Cvelist
added 2020/02/17 2:33 p.m. | 21 views

CVE-2020-9006

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection in the sgImportPopups function in sgpopupajax.php via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator...

10 AI score | 0.0856 EPSS
Exploits: 2 | References: 4
WPVulnDB
added 2020/02/16 12:0 a.m. | 22 views

Popup Builder < 3.0 - SQL injection via PHP Deserialization

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution...

7.5 CVSS | 5.6 AI score | 0.0856 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
Friends Of PHP
added 2019/10/08 12:0 a.m. | 17 views

PRODSECBUG-2407: Remote code execution due to unsafe PHP archive deserialization in the import functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2 CVSS | 7.2 AI score | 0.0238 EPSS
Exploits: 0 | Affected Software: 1
myhack58
added 2019/04/22 12:0 a.m. | 57 views

Remote code execution with a single click: analysis of a malicious image upload exploit chain in the Drupal content management framework - vulnerability warning - the black bar safety net

Overview: Drupal recently released a set of critical patches for versions 7.x and 8.x. The update contains fixes for a set of vulnerabilities that we originally submitted to the targeted vulnerability incentive program. These vulnerabilities can achiev...

0.2 AI score
Exploits: 0
myhack58
added 2019/04/17 12:0 a.m. | 68 views

Drupal vulnerability combination: one-click RCE via a malicious image - vulnerability warning - the black bar safety net

1. Foreword: Drupal recently released two critical patches covering versions 7.x and 8.x. This security update fixes some bugs that had been submitted to our targeted vulnerability incentive program (TIPS). By exploiting these vulnerabilities it is possible to achieve code executio...

7.5 AI score
Exploits: 0
Veracode
added 2019/02/07 2:13 a.m. | 17 views

Arbitrary Code Execution

mpdf/mpdf is vulnerable to arbitrary code execution. The vulnerability exists through a phar:// wrapper that leads to an insecure PHP deserialization flaw, allowing an attacker to execute arbitrary code...

8.8 CVSS | 9.2 AI score | 0.02101 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
The Hacker News
added 2018/08/17 9:26 a.m. | 124 views

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in the PHP programming language using functions previously considered low-risk. The new technique leaves hundreds of...

0.7 AI score
Exploits: 0
Hacker One
added 2016/05/30 3:56 a.m. | 156 views

Pornhub: [phpobject in cookie] Remote shell/command execution

The researcher was able to exploit a vulnerable deserialization function in PHP leading to remote shell on a production server...

3.7 AI score
Exploits: 0
myhack58
added 2015/10/08 12:0 a.m. | 1063 views

Remote code execution via PHP deserialization - vulnerability warning - the black bar safety net

At NotSoSecure, we conduct penetration testing or code review, but recently we came across an interesting piece of PHP code that could lead to a remote code execution (RCE) vulnerability, although exploiting it was a bit tricky. After a few sleepless nights trying to crack this code, we are convinc...

0.9 AI score
Exploits: 0
RedHat Linux
added 2004/12/21 6:52 p.m. | 3 views

security flaw

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...

10 CVSS | 7.3 AI score | 0.07996 EPSS
Exploits: 0 | References: 4