3582 matches found
Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities
Exploit for php platform in category web applications Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 PHP Object Injection
eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
Moodle < 2.4 / 2.4.x < 2.4.11 / 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 Multiple Vulnerabilities
Binary data 8723.prm...
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addrfields or (2) trans parameter to addressbook/csvimport.php, (3) calfields or (4) trans parameter to calendar/csvimport.php, (5)...
Design/Logic Flaw
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addrfields or (2) trans parameter to addressbook/csvimport.php, (3) calfields or (4) trans parameter to calendar/csvimport.php, (5)...
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addrfields or (2) trans parameter to addressbook/csvimport.php, (3) calfields or (4) trans parameter to calendar/csvimport.php, (5)...
CVE-2014-2027
CVE-2014-2027 affects eGroupware prior to 1.8.006.20140217. The issue arises from improper input handling allowing PHP object injection and potential remote code execution via multiple parameters across addressbook/csv_import.php, calendar/csv_import.php, csv_import.php (in projectmanager/ or inf...
CVE-2015-2171
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...
Design/Logic Flaw
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...
CVE-2015-2171
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...
CVE-2015-2171
CVE-2015-2171 affects the Slim PHP framework; vulnerable component is Middleware/SessionCookie.php in Slim before 2.6.0. The issue allows remote attackers to perform PHP object injection via crafted session data, enabling arbitrary code execution on the server. The root cause is deserialization o...
CVE-2015-2171
Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data...
Seagate Business NAS - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class MetasploitModule 'Seagate Business NAS Unauthenticated Remote Command Execution', 'Description' = %q Some Seagate Busine...
Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day)
Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...
X2Engine < 4.2 Multiple Vulnerabilities
According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities: - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery (SSRF) attacks using specially crafted serializ...
CVE-2014-9277
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length...
CVE-2014-9277
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length...
Design/Logic Flaw
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length...
CVE-2014-9277
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length...
CVE-2014-9277
CVE-2014-9277 affects MediaWiki: The wfMangleFlashPolicy function in OutputHandler.php allows remote PHP object injection via a crafted request containing , affecting MediaWiki versions pre-1.19.22, 1.20.x up to pre-1.22.14, and pre-1.23.7. Impact is PHP object injection; remediation is upgrading...