Lucene search
K

3642 matches found

CVE
CVE
added 2014/07/29 10:0 a.m.66 views

CVE-2014-3541

CVE-2014-3541 affects Moodle’s Repositories component across multiple branches (Moodle 2.3.11; 2.4.x < 2.4.11; 2.5.x < 2.5.7; 2.6.x < 2.6.4; 2.7.x

7.5CVSS7.8AI score0.03713EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2014/07/14 12:0 a.m.141 views

OpenCart 1.5.6.4 PHP Object Injection

----------------------------------------------------------------- OpenCart session-data'cart' as $key = $quantity 24. $product = explode':', $key; 25. $productid = $product0; 26. $stock = true; 27. 28. // Options 29. if !empty$product1 30. $options = unserializebase64decode$product1; 31. else 32...

0.1AI score0.06865EPSS
Exploits3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

CubeCart 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------- CubeCart = 5.2.0 cubecart.class.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.cubecart.com/ -...

7.5CVSS0.1AI score0.07086EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.69 views

Invision Power Board <= 3.3.4 unserialize Regex Bypass

No description provided by source. ?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, \...

10CVSS0.4AI score0.26049EPSS
Exploits15
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.37 views

Vanilla Forums 2.0 - 2.0.18.5 (class.utilitycontroller.php) - PHP Object Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------------------------- Vanilla Forums = 2.0.18.5 class.utilitycontroller.php PHP Object Injection Vulnerability...

7.5CVSS6.5AI score0.05667EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.61 views

Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability

No description provided by source. ------------------------------------------------------------------- Joomla! = 3.0.2 highlight.php PHP Object Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://www.joomla.org/ - Affected Versions:...

7.5CVSS0.1AI score0.03149EPSS
Exploits6
0day.today
0day.today
added 2014/05/14 12:0 a.m.50 views

CodeIgniter / Kohana PHP Object Injection / Timing Attack

CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability. Background info and boring history shit:...

8AI score
Exploits0
NVD
NVD
added 2014/04/21 10:55 p.m.18 views

CVE-2014-2922

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...

6.4CVSS7.1AI score0.02921EPSS
Exploits3References3
Prion
Prion
added 2014/04/21 10:55 p.m.18 views

Design/Logic Flaw

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...

7.5CVSS8.4AI score0.07315EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2014/04/21 10:55 p.m.15 views

Design/Logic Flaw

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...

6.4CVSS7.6AI score0.02921EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2014/04/21 10:0 p.m.31 views

CVE-2014-2921

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...

7.7AI score0.07315EPSS
Exploits3References3
Cvelist
Cvelist
added 2014/04/21 10:0 p.m.24 views

CVE-2014-2922

The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...

7AI score0.02921EPSS
Exploits3References3
CVE
CVE
added 2014/04/21 10:0 p.m.62 views

CVE-2014-2921

CVE-2014-2921 affects Pimcore’s Newsletter tool. The vulnerability in the getObjectByToken function (Newsletter.php) occurs in Pimcore versions 1.4.9–2.0.0 and stems from improper handling of an object obtained by unserializing Lucene search data, enabling PHP object injection and arbitrary code ...

7.5CVSS8AI score0.07315EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2014/04/21 10:0 p.m.58 views

CVE-2014-2922

CVE-2014-2922 affects Pimcore CMS, specifically the Pimcore_Tool_Newsletter Newsletter.php path. The issue occurs in Pimcore 1.4.9 through 2.1.0 where getObjectByToken mishandles an object obtained by unserializing a pathname, enabling PHP object injection via a serialized payload. Reported explo...

6.4CVSS7.3AI score0.02921EPSS
Exploits3References3Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/13 11:12 a.m.14 views

PHP object injection vulnerability allows for arbitrary code execution

More info at https://contao.org/en/news/major-security-hole-found-in-contao.html...

7.2AI score
Exploits0Affected Software1
0day.today
0day.today
added 2014/02/05 12:0 a.m.88 views

Contao CMS 3.2.4 Code Execution Vulnerability

Contao CMS versions 3.2.4 and below suffer from a code execution vulnerability. Hi, I have discovered a vulnerability that might lead to code execution in Contao CMS Vulnerabilities in Contao 3.2.4 Discovered by Pedro Ribeiro email protected of Agile Information Security...

9.5AI score0.03648EPSS
Exploits2
Prion
Prion
added 2014/01/24 3:8 p.m.22 views

Security feature bypass

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...

7.5CVSS8AI score0.01527EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2014/01/24 3:8 p.m.16 views

CVE-2013-5350

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...

7.5CVSS7.4AI score0.01527EPSS
Exploits2References5
Cvelist
Cvelist
added 2014/01/24 3:0 p.m.18 views

CVE-2013-5350

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...

7.4AI score0.01527EPSS
Exploits2References5
CVE
CVE
added 2014/01/24 3:0 p.m.46 views

CVE-2013-5350

OpenPNE contains a PHP Object Injection vulnerability in opSecurityUser.getRememberLoginCookie() that processes cookies with unserialize(base64_decode()) without proper input filtering. A remote unauthenticated attacker could craft a serialized object in a Cookie header to execute arbitrary PHP c...

7.5CVSS7.6AI score0.01527EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder