DEBIAN-CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

Design/Logic Flaw

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

CVE-2016-3154

SPIP contains a PHP object injection vulnerability (CVE-2016-3154) in the encoder_contexte_ajax path (ecrire/inc/filtres.php). The issue affects SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1, where deserializing crafted object data can allow remote attackers to inject object...

CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

WordPress Easy Digital Downloads Plugin <= 2.5.7 - PHP Object Injection

Because of this vulnerability, attackers can execute arbitrary PHP code. Solution Upgrade the plugin...

Easy Digital Downloads <= 2.5.7 - PHP Object Injection

Easy Digital Downloads unserializes user-submitted data from cookies and other request parameters, allowing for object injection...

WordPress Ninja Forms Plugin <= 2.9.42.0 - PHP Object Injection

This vulnerability allows an attacker to conduct PHP object injection attacks via crafted serialized values in a POST request. Solution Update the plugin...

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x prior to 3.4.6 are affected by CVE-2015-8562 due to PHP object injection via the HTTP User-Agent header, enabling remote code execution. Exploitation was observed in the wild in December 2015. Affected component: Joomla! core PHP object deserializationActivity occurs d...

CVE-2015-7808

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

Design/Logic Flaw

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

CVE-2015-7808

CVE-2015-7808 affects vBulletin 5 Connect 5.1.2–5.1.9. The vulnerability is a PHP object injection in vB_Api_Hook::decodeArguments that allows a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments, enabling remote code execution. Exploitation is demonstrated in p...

CVE-2015-7808

The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments...

CVE-2015-7816

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery SSRF attacks, and execute arbitrary PHP code via a crafted HTTP header...

CVE-2015-7816

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery SSRF attacks, and execute arbitrary PHP code via a crafted HTTP header...

CVE-2015-7816

CVE-2015-7816 affects Piwik (renamed Matomo) prior to 2.15.0, where the DisplayTopKeywords function in plugins/Referrers/Controller.php allows PHP object injection, Server-Side Request Forgery (SSRF), and arbitrary PHP code execution via a crafted HTTP header. The issue is caused by insecure hand...

CVE-2015-7816

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery SSRF attacks, and execute arbitrary PHP code via a crafted HTTP header...

vBulletin 5.1.2 Unserialize Code Execution

This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' ...