3642 matches found
CVE-2014-3541
CVE-2014-3541 affects Moodle’s Repositories component across multiple branches (Moodle 2.3.11; 2.4.x < 2.4.11; 2.5.x < 2.5.7; 2.6.x < 2.6.4; 2.7.x
OpenCart 1.5.6.4 PHP Object Injection
----------------------------------------------------------------- OpenCart session-data'cart' as $key = $quantity 24. $product = explode':', $key; 25. $productid = $product0; 26. $stock = true; 27. 28. // Options 29. if !empty$product1 30. $options = unserializebase64decode$product1; 31. else 32...
CubeCart 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability
No description provided by source. ------------------------------------------------------------------------- CubeCart = 5.2.0 cubecart.class.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.cubecart.com/ -...
Invision Power Board <= 3.3.4 unserialize Regex Bypass
No description provided by source. ?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, \...
Vanilla Forums 2.0 - 2.0.18.5 (class.utilitycontroller.php) - PHP Object Injection Vulnerability
No description provided by source. ------------------------------------------------------------------------------------------- Vanilla Forums = 2.0.18.5 class.utilitycontroller.php PHP Object Injection Vulnerability...
Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
No description provided by source. ------------------------------------------------------------------- Joomla! = 3.0.2 highlight.php PHP Object Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://www.joomla.org/ - Affected Versions:...
CodeIgniter / Kohana PHP Object Injection / Timing Attack
CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability. Background info and boring history shit:...
CVE-2014-2922
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...
Design/Logic Flaw
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
Design/Logic Flaw
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...
CVE-2014-2921
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via...
CVE-2014-2922
The getObjectByToken function in Newsletter.php in the PimcoreToolNewsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors...
CVE-2014-2921
CVE-2014-2921 affects Pimcore’s Newsletter tool. The vulnerability in the getObjectByToken function (Newsletter.php) occurs in Pimcore versions 1.4.9–2.0.0 and stems from improper handling of an object obtained by unserializing Lucene search data, enabling PHP object injection and arbitrary code ...
CVE-2014-2922
CVE-2014-2922 affects Pimcore CMS, specifically the Pimcore_Tool_Newsletter Newsletter.php path. The issue occurs in Pimcore 1.4.9 through 2.1.0 where getObjectByToken mishandles an object obtained by unserializing a pathname, enabling PHP object injection via a serialized payload. Reported explo...
PHP object injection vulnerability allows for arbitrary code execution
More info at https://contao.org/en/news/major-security-hole-found-in-contao.html...
Contao CMS 3.2.4 Code Execution Vulnerability
Contao CMS versions 3.2.4 and below suffer from a code execution vulnerability. Hi, I have discovered a vulnerability that might lead to code execution in Contao CMS Vulnerabilities in Contao 3.2.4 Discovered by Pedro Ribeiro email protected of Agile Information Security...
Security feature bypass
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...
CVE-2013-5350
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...
CVE-2013-5350
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object...
CVE-2013-5350
OpenPNE contains a PHP Object Injection vulnerability in opSecurityUser.getRememberLoginCookie() that processes cookies with unserialize(base64_decode()) without proper input filtering. A remote unauthenticated attacker could craft a serialized object in a Cookie header to execute arbitrary PHP c...