Lucene search
K

3636 matches found

Packet Storm
Packet Storm
added 2013/10/07 12:0 a.m.49 views

Vanilla Forums 2.0.18.5 Local File Inclusion

------------------------------------------------------------------------------------------- Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize them & save them if necessary 327. $Messages = GdnFormat::Unserialize$Messages;...

7.5CVSS0.2AI score0.05667EPSS
Exploits7
myhack58
myhack58
added 2013/09/17 12:0 a.m.27 views

WordPress < 3.6.1 PHP object injection vulnerability-vulnerability warning-the black bar safety net

0x00 background When I read an article about the Joomla“PHP object injection”vulnerability in a blog post, I dug deep it found Stefan Esser God in 2 0 1 0 annual black hat conference articles: http://media.blackhat.com/bh-us- ... Exploits-slides. pdf This article has mentioned in PHP unserialize...

0.5AI score
Exploits0
NVD
NVD
added 2013/09/16 1:2 p.m.35 views

CVE-2013-5674

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...

7.5CVSS6.9AI score0.02098EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2013/09/16 1:2 p.m.43 views

CVE-2013-5674

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...

7.5CVSS5.9AI score0.02098EPSS
Exploits2References3
Prion
Prion
added 2013/09/16 1:2 p.m.31 views

Design/Logic Flaw

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...

7.5CVSS7.4AI score0.02098EPSS
Exploits2References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/05/13 12:0 a.m.125 views

Joomla! 2.5.x < 2.5.10 / 3.0.x < 3.0.4 Multiple Vulnerabilities

According to its self-identified version number, the Joomla! installation hosted on the remote web server is 2.5.x prior to 2.5.10 or 3.0.x prior to 3.0.4. It is, therefore, affected by multiple vulnerabilities : - A security bypass vulnerability exists due to a failure to properly verify...

5.5CVSS8.4AI score0.04848EPSS
Exploits6References8
NVD
NVD
added 2013/05/03 11:57 a.m.16 views

CVE-2013-3242

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...

5.5CVSS6.4AI score0.04848EPSS
Exploits6References4
Prion
Prion
added 2013/05/03 11:57 a.m.21 views

Design/Logic Flaw

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...

5.5CVSS6.9AI score0.04848EPSS
Exploits6References4Affected Software1
Cvelist
Cvelist
added 2013/05/03 10:0 a.m.18 views

CVE-2013-3242

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...

6.4AI score0.04848EPSS
Exploits6References4
CVE
CVE
added 2013/05/03 10:0 a.m.75 views

CVE-2013-3242

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 are affected by CVE-2013-3242 due to improper handling of an object obtained from unserializing a cookie in plugins/system/remember/remember.php. An authenticated remote attacker can trigger PHP object injection and cause a denial of service via ...

5.5CVSS6.5AI score0.04848EPSS
Exploits6References4Affected Software1
Packet Storm
Packet Storm
added 2013/04/29 12:0 a.m.53 views

Joomla! 3.0.3 PHP Object Injection

------------------------------------------------------------------ Joomla! decrypt$str; 45. $cookieData = @unserialize$str; User input passed through cookies is not properly sanitized before being used in an unserialize call at line 45. This could be exploited to inject arbitrary PHP objects into...

5.5CVSS0.04848EPSS
Exploits6
Exploit DB
Exploit DB
added 2013/02/07 12:0 a.m.39 views

CubeCart 5.2.0 - &#039;cubecart.class.php&#039; PHP Object Injection

------------------------------------------------------------------------- CubeCart set'shipping', unserializebase64urldecode$POST'shipping'; 522. if !isset$POST'proceed' 523. httpredircurrentPage; 524. 525. User input passed through the $POST'shipping' parameter is not properly sanitized before...

9.8CVSS9.6AI score0.07086EPSS
Exploits6
Packet Storm
Packet Storm
added 2013/02/06 12:0 a.m.44 views

CubeCart 5.2.0 PHP Object Injection

------------------------------------------------------------------------- CubeCart set'shipping', unserializebase64urldecode$POST'shipping'; 522. if !isset$POST'proceed' 523. httpredircurrentPage; 524. 525. User input passed through the $POST'shipping' parameter is not properly sanitized before...

7.5CVSS0.07086EPSS
Exploits6
Exploit DB
Exploit DB
added 2012/11/07 12:0 a.m.52 views

Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass

?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, "\0" === false if strpos $serialized...

10CVSS7AI score0.26049EPSS
Exploits15
seebug.org
seebug.org
added 2012/11/04 12:0 a.m.39 views

Invision Power Board &lt;= 3.3.4 &quot;unserialize()&quot; PHP Code Execution

No description provided by source. ?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX...

10CVSS6.4AI score0.26049EPSS
Exploits15
Exploit DB
Exploit DB
added 2012/11/01 12:0 a.m.76 views

Invision Power Board (IP.Board) 3.3.4 - &#039;Unserialize()&#039; PHP Code Execution

?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software...

10CVSS6.4AI score0.26049EPSS
Exploits15
Rows per page
Query Builder