Information disclosure
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
CVE-2018-1000525
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
CVE-2018-1000527
Froxlor version = 0.9.39.5 contains a PHP Object Injection vulnerability in the domain name form that can result in possible information disclosure and remote code execution. This attack appears to be exploitable by passing a malicious PHP object in $_POST['ssl_ipandport']. This vulnerability appears to...
Design/Logic Flaw
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks...
CVE-2018-11135
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks...
CVE-2018-11135
CVE-2018-11135 concerns the Quest KACE System Management Appliance 8.0.318. An authenticated user can trigger a deserialization-based PHP object injection in the script /adminui/error_details.php, enabling arbitrary PHP object execution as described in the vulnerability notes. Core Security CORE-...
Multiple WordPress Plugin PHP Object Injection Vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. Multiple WordPress plugins suffer from a PHP object injection vulnerability that stems from a failure to adequately validate...
Moodle 2.x / 3.x Remote Code Execution Vulnerability (Mar 2017) - Linux
Moodle is prone to an authenticated remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Moodle 2.x / 3.x Remote Code Execution Vulnerability (Mar 2017) - Windows
Moodle is prone to an authenticated remote code execution (RCE) vulnerability.
Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability
Open Web Analytics is prone to a PHP object injection vulnerability.
DRD Agent - Critical - PHP object injection - SA-CONTRIB-2018-022
This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them, but in order to do so, they use the PHP serialize/unserialize...
CVE-2014-2294
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php...
Design/Logic Flaw
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php...
CVE-2014-2294
Open Web Analytics (OWA) before 1.5.7 is vulnerable to PHP object injection via the owa_event parameter to queue.php. The root cause is unsafe unserialize() of a crafted serialized object (after decoding base64) in queue.php, enabling remote attackers to manipulate configuration or achieve arbitr...
Code injection
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...
CVE-2018-10085
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...
Open Web Analytics Heap Buffer Overflow Vulnerability
Open Web Analytics (OWA) is a PHP and MySQL based open source web traffic statistics software from the Open Web Analytics team. The software can be used to track and analyze the websites and applications visited by users, and can be integrated with WordPress and MediaWiki. Open Web Analytics OWA...