3582 matches found

NVD
added 2016/12/05 8:59 a.m. | 24 views

CVE-2016-9835

Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file...

CVSS 9.8 | AI score 9.6 | EPSS 0.03905
Exploits: 0 | References: 4

Prion
added 2016/12/05 8:59 a.m. | 12 views

Directory traversal

Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file...

CVSS 7.5 | AI score 7.5 | EPSS 0.03905
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2016/12/05 8:9 a.m. | 35 views

CVE-2016-9835

Summary (CVE-2016-9835): Zikula’s jcss.php file has a directory traversal vulnerability in 1.3.x (before 1.3.11) and 1.4.x (before 1.4.4) on Windows, allowing a remote attacker to upload a serialized file to trigger a PHP object injection. Root cause is improper handling of uploaded content lead...

CVSS 9.8 | AI score 9.5 | EPSS 0.03905
Exploits: 0 | References: 4 | Affected Software: 1

Hacker One
added 2016/11/28 1:16 a.m. | 23 views

Ian Dunn: unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php

in: https://github.com/iandunn/WordPress-Functionality-Plugin-Skeleton/blob/547216caf1bef2664ec3920a9c749191dea13aeb/functionality-plugin-skeleton.phpL108 there is usage of unserialize function public function blockpluginupdates $request, $url if 0 !== strpos $url, self::PLUGINUPDATECHECKURL //...

AI score 0.5
Exploits: 0

Patchstack
added 2016/11/17 12:0 a.m. | 5 views

WordPress Relevanssi Premium Plugin <= 1.14.4 - Multiple Vulnerabilities

This plugin is prone to SQL injection and PHP object injection vulnerabilities. Solution: Update the plugin...

AI score 2.4
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2016/11/17 12:0 a.m. | 15 views

Relevanssi Premium <= 1.14.4 - SQL Injection & PHP Object Injection

The relevanssi-premium WordPress plugin was affected by a SQL Injection & PHP Object Injection security vulnerability...

CVSS 6.8 | AI score 1.8 | EPSS 0.00592
Exploits: 1 | References: 3 | Affected Software: 1

WPVulnDB
added 2016/11/15 12:0 a.m. | 9 views

Google Analytics Counter Tracker <= 3.4.0 - Unauthenticated PHP Object Injection

The Google Analytics Counter Tracker WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...

AI score 3.1
Exploits: 0 | References: 4 | Affected Software: 1

WPVulnDB
added 2016/11/08 12:0 a.m. | 33 views

YITH WooCommerce Compare <= 2.0.9 - Unauthenticated PHP Object injection

The YITH WooCommerce Compare WordPress plugin was affected by an Unauthenticated PHP Object injection security vulnerability...

AI score 2.7
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2016/11/08 12:0 a.m. | 66 views

WordPress YITH WooCommerce Compare 2.0.9 PHP Object Injection

YITH WooCommerce Compare WordPress Plugin unauthenticated PHP Object injection vulnerability. Yorick Koster, June 2016...

AI score 0.4
Exploits: 0

Exploit DB
added 2016/11/02 12:0 a.m. | 33 views

Alienvault OSSIM/USM 5.3.1 - PHP Object Injection

Details: Product: Alienvault OSSIM/USM; Vulnerability: PHP Object Injection; Author: Peter Lapp, lappsec gmail com; CVE: CVE-2016-8580; Vulnerable Versions: =5.3.1; Fixed Version: 5.3.2. Vulnerability Details: A PHP object injection vulnerability exists in multiple widget...

CVSS 9.8 | AI score 9.8 | EPSS 0.12558
Exploits: 4

Packet Storm
added 2016/11/02 12:0 a.m. | 34 views

Alienvault OSSIM/USM 5.3.1 PHP Object Injection

Details: Product: Alienvault OSSIM/USM; Vulnerability: PHP Object Injection; Author: Peter Lapp, lappsec gmail com; CVE: CVE-2016-8580; Vulnerable Versions: =5.3.1; Fixed Version: 5.3.2. Vulnerability Details: A PHP object injection vulnerability exists in multiple widget...

CVSS 7.5 | AI score 0.2 | EPSS 0.12558
Exploits: 4

exploitpack
added 2016/11/02 12:0 a.m. | 23 views

Alienvault OSSIMUSM 5.3.1 - PHP Object Injection

Alienvault OSSIMUSM 5.3.1 - PHP Object Injection. Details: Product: Alienvault OSSIM/USM; Vulnerability: PHP Object Injection; Author: Peter Lapp, lappsec gmail com; CVE: CVE-2016-8580; Vulnerable Versions: =5.3.1; Fixed Version: 5.3.2. Vulnerability Details: A PHP object...

CVSS 7.5 | AI score 0.5 | EPSS 0.12558
Exploits: 4

Prion
added 2016/10/28 3:59 p.m. | 13 views

Design/Logic Flaw

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

CVSS 7.5 | AI score 8.3 | EPSS 0.12558
Exploits: 4 | References: 3 | Affected Software: 2

Cvelist
added 2016/10/28 3:0 p.m. | 31 views

CVE-2016-8580

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes...

AI score 10 | EPSS 0.12558
Exploits: 4 | References: 3

CNVD
added 2016/09/21 12:0 a.m. | 3 views

CS-Cart Twigmo Plugin PHP Object Injection Vulnerability

CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, custom promotional strategies, product filtering definitions, etc. Twigmo is one of the template plug-ins developed specifically for mobile terminals. A...

CVSS 8.8 | AI score 7.8 | EPSS 0.02432
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2016/09/14 6:0 a.m. | 4 views

CS-Cart add-on "Twigmo" vulnerable to PHP object injection

Overview: CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A remote...

CVSS 8.8 | AI score 7.7 | EPSS 0.02432
Exploits: 0 | References: 6

Japan Vulnerability Notes
added 2016/09/14 12:0 a.m. | 36 views

JVN#55389065: CS-Cart add-on "Twigmo" vulnerable to PHP object injection

CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Edit twigmo.php. This vulnerability can be addressed by deleting or commenting out the following part...

CVSS 8.8 | AI score 9 | EPSS 0.02432
Exploits: 0

Packet Storm
added 2016/09/08 12:0 a.m. | 30 views

SugarCRM REST Unserialize PHP Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This module exploits a PHP Object Injection vulnerability in...

AI score 0.3
Exploits: 0

CNVD
added 2016/09/05 12:0 a.m. | 2 views

Malware Information Sharing Platform PHP Object Injection Vulnerability

The Malware Information Sharing Platform (MISP) is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and analyzing cybersecurity events and malware. A PHP object injection vulnerability exists in versions of MISP prior to 2.3.90. A remote...

CVSS 9.8 | AI score 7.3 | EPSS 0.00858
Exploits: 0 | References: 1

NVD
added 2016/09/03 8:59 p.m. | 6 views

CVE-2015-5721

Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populateeventfromtemplateattributes.ctp...

CVSS 9.8 | AI score 9.6 | EPSS 0.00858
Exploits: 0 | References: 3