3585 matches found

WPVulnDB
added 2017/04/27 12:0 a.m., 11 views

My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection

The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over HTTP requests to sites with the my-geo-posts-free Plugin. The original researcher...

AI score: 0.9
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2017/04/27 12:0 a.m., 10 views

NextGEN Gallery geo <= 1.0 - Unauthenticated PHP Object Injection

The plugin nextgen-gallery-geo insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. PoC Attack is exploitable over AJAX calls sites with...

AI score: 2.5
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2017/04/27 12:0 a.m., 13 views

Referrer Detector <= 4.2.1.0 - Unauthenticated PHP Object Injection

The plugin referrer-detector insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. PoC Attack is exploitable over HTTP requests to sites...

AI score: 1.1
Exploits: 0, References: 1, Affected Software: 1
wpexploit
added 2017/04/27 12:0 a.m., 14 views

AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection

The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified WordPress Plugins team. Attack is exploitable over AJAX calls on sites with the...

AI score: 0.6
Exploits: 0, References: 1
wpexploit
added 2017/04/27 12:0 a.m., 22 views

Referrer Detector <= 4.2.1.0 - Unauthenticated PHP Object Injection

The plugin referrer-detector insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. Attack is exploitable over HTTP requests to sites with...

AI score: 0.6
Exploits: 0, References: 1
WPVulnDB
added 2017/04/27 12:0 a.m., 10 views

AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection

The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified WordPress Plugins team. PoC Attack is exploitable over AJAX calls on sites with th...

AI score: 0.9
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2017/04/27 12:0 a.m., 17 views

SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection

The plugin sitebuilder-dynamic-components insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over AJAX calls sites with the sitebuilder-dynamic-components Plugin...

CVSS: 5, AI score: 2.7, EPSS: 0.0038
Exploits: 2, References: 1, Affected Software: 1
wpexploit
added 2017/04/27 12:0 a.m., 22 views

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original researcher...

CVSS: 7.5, AI score: 0.8, EPSS: 0.01263
Exploits: 1, References: 1
WPVulnDB
added 2017/04/27 12:0 a.m., 15 views

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original...

CVSS: 7.5, AI score: 1.2, EPSS: 0.01263
Exploits: 1, References: 1, Affected Software: 1
Amazon
added 2017/04/20 12:0 a.m., 41 views

Medium: cacti

Issue Overview: PHP Object Injection Vulnerabilities CVE-2014-4000 Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2017-817 to update your system. New Packages: noarch: cacti-1.0.4-1.14.amzn1.noarch src: cacti-1.0.4-1.14.amzn1.src Additional...

CVSS: 8.8, AI score: 9.1, EPSS: 0.011
Exploits: 0
Tenable Nessus
added 2017/03/14 12:0 a.m., 43 views

openSUSE Security Update : cacti (openSUSE-2017-325)

This update for cacti fixes the following vulnerabilities: CVE-2014-4000: PHP Object Injection Vulnerabilities boo1022564. It also updates cacti to version 1.0.4 to include the latest upstream bugfixes and improvements...

CVSS: 8.8, AI score: 7.8, EPSS: 0.011
Exploits: 0, References: 2
Tenable Nessus
added 2017/03/07 12:0 a.m., 16 views

Tenable SecurityCenter 5.4.x <= 5.4.3 PHP Object Deserialization Remote File Deletion (TNS-2017-05)

According to its version, the installation of Tenable SecurityCenter on the remote host is affected by a PHP object deserialization vulnerability in the PluginParser.php script. An authenticated, remote attacker can exploit this, by uploading a specially crafted PHP object, to delete arbitrary...

AI score: 5.9
Exploits: 0, References: 1
0day.today
added 2017/03/04 12:0 a.m., 21 views

WordPress Simple Ads Manager 2.9.8.125 PHP Object Injection Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick...

AI score: 7.1
Exploits: 0
WPVulnDB
added 2017/03/01 12:0 a.m., 12 views

Analytics Stats Counter Statistics - Unauthenticated PHP Object Injection

The stats-counter WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...

AI score: 2.4
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2017/02/09 3:59 p.m., 9 views

CVE-2016-5726

Packages.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter...

CVSS: 9.8, AI score: 8.1
Exploits: 0, References: 2
NVD
added 2017/02/09 3:59 p.m., 14 views

CVE-2016-5727

LogInOut.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00595
Exploits: 0, References: 4
OSV
added 2017/02/09 3:59 p.m., 12 views

CVE-2016-5727

LogInOut.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop...

CVSS: 8.8, AI score: 8
Exploits: 0, References: 4
Prion
added 2017/02/09 3:59 p.m., 16 views

Design/Logic Flaw

Packages.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter...

CVSS: 7.5, AI score: 8.3, EPSS: 0.00839
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2017/02/09 3:59 p.m., 9 views

Design/Logic Flaw

LogInOut.php in Simple Machines Forum SMF 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop...

CVSS: 6.8, AI score: 8.2, EPSS: 0.00595
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2017/02/09 3:0 p.m., 41 views

CVE-2016-5727

CVE-2016-5727 affects Simple Machines Forum (SMF) 2.1. The vulnerability allows remote attackers to perform PHP object injection and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. The description indicates an input-derived injection in LogIn...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00595
Exploits: 0, References: 4, Affected Software: 1