3636 matches found
Vanilla Forums 2.0.18.5 Local File Inclusion
------------------------------------------------------------------------------------------- Vanilla Forums ValidateTransientKey$TransientKey 324. // If messages wasn't empty 325. if $Messages != '' 326. // Unserialize them & save them if necessary 327. $Messages = GdnFormat::Unserialize$Messages;...
WordPress < 3.6.1 PHP object injection vulnerability-vulnerability warning-the black bar safety net
0x00 background When I read an article about the Joomla“PHP object injection”vulnerability in a blog post, I dug deep it found Stefan Esser God in 2 0 1 0 annual black hat conference articles: http://media.blackhat.com/bh-us- ... Exploits-slides. pdf This article has mentioned in PHP unserialize...
CVE-2013-5674
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
CVE-2013-5674
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
Design/Logic Flaw
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...
Joomla! 2.5.x < 2.5.10 / 3.0.x < 3.0.4 Multiple Vulnerabilities
According to its self-identified version number, the Joomla! installation hosted on the remote web server is 2.5.x prior to 2.5.10 or 3.0.x prior to 3.0.4. It is, therefore, affected by multiple vulnerabilities : - A security bypass vulnerability exists due to a failure to properly verify...
CVE-2013-3242
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
Design/Logic Flaw
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
CVE-2013-3242
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors...
CVE-2013-3242
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 are affected by CVE-2013-3242 due to improper handling of an object obtained from unserializing a cookie in plugins/system/remember/remember.php. An authenticated remote attacker can trigger PHP object injection and cause a denial of service via ...
Joomla! 3.0.3 PHP Object Injection
------------------------------------------------------------------ Joomla! decrypt$str; 45. $cookieData = @unserialize$str; User input passed through cookies is not properly sanitized before being used in an unserialize call at line 45. This could be exploited to inject arbitrary PHP objects into...
CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection
------------------------------------------------------------------------- CubeCart set'shipping', unserializebase64urldecode$POST'shipping'; 522. if !isset$POST'proceed' 523. httpredircurrentPage; 524. 525. User input passed through the $POST'shipping' parameter is not properly sanitized before...
CubeCart 5.2.0 PHP Object Injection
------------------------------------------------------------------------- CubeCart set'shipping', unserializebase64urldecode$POST'shipping'; 522. if !isset$POST'proceed' 523. httpredircurrentPage; 524. 525. User input passed through the $POST'shipping' parameter is not properly sanitized before...
Invision Power Board (IP.Board) 3.3.4 - Unserialize Regex Bypass
?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, "\0" === false if strpos $serialized...
Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
No description provided by source. ?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX...
Invision Power Board (IP.Board) 3.3.4 - 'Unserialize()' PHP Code Execution
?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software...