3587 matches found

UbuntuCve
added 2019/05/24 6:29 p.m., 23 views

CVE-2017-18375

Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php...

8.8 CVSS, 7.2 AI score, 0.00379 EPSS
Exploits: 1, References: 3
Cvelist
added 2019/05/24 5:42 p.m., 14 views

CVE-2017-18375

Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php...

8.8 AI score, 0.00379 EPSS
Exploits: 1, References: 1
CVE
added 2019/05/24 5:42 p.m., 91 views

CVE-2017-18375

Ampache 3.8.3 is affected by a vulnerability that allows PHP object instantiation via the files democratic.ajax.php and democratic.class.php. The connected sources consistently state this issue but do not provide technical specifics such as vulnerable functions, versions beyond 3.8.3, root cause ...

8.8 CVSS, 8.7 AI score, 0.00379 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/05/24 5:40 p.m., 52 views

CVE-2016-10753

CVE-2016-10753 affects e107 2.1.2. It enables a PHP Object Injection vulnerability via usersettings.php that calls unserialize without an HMAC, which leads to a subsequent SQL injection. The root cause is improper handling of unserialize data, enabling an attacker-controlled object to affect data...

8.8 CVSS, 9.1 AI score, 0.00231 EPSS
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2019/05/06 5:29 p.m., 5 views

CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

9.8 CVSS, 7.2 AI score, 0.89078 EPSS
Exploits: 7, References: 4
WPVulnDB
added 2019/04/16 12:0 a.m., 21 views

Option Tree < 2.7.0 - PHP Object Injection

The OptionTree WordPress plugin was affected by a PHP Object Injection security vulnerability...

7.5 CVSS, 1.7 AI score, 0.01077 EPSS
Exploits: 0, Affected Software: 1
0day.today
added 2019/03/25 12:0 a.m., 128 views

TCPDF 6.2.19 Deserialization / Remote Code Execution Exploit

TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution. CVE-2018-17057: phar deserialization in TCPDF might lead to RCE. Affected products: TCPDF. While it ...

7.5 CVSS, 0.7 AI score, 0.52126 EPSS
Exploits: 7
IBM Security Bulletins
added 2019/03/01 2:0 p.m., 45 views

Security Bulletin: Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF

Summary: Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF: CVE-2017-7525, CVE-2017-15095, CVE-2017-17485, CVE-2018-5968, CVE-2018-7489. Vulnerability Details: CVE-2017-7525 Jackson-databind Also implemented in JBoss BPM Suite is vulnerable to remote code execution when...

9.8 CVSS, 1.6 AI score, 0.84949 EPSS
Exploits: 7, Affected Software: 1
Debian
added 2019/02/11 11:24 p.m., 86 views

[SECURITY] [DLA 1673-1] wordpress security update

Package: wordpress. Version: 4.1.25+dfsg-1+deb8u1. CVE ID: CVE-2018-20147 CVE-2018-20148 CVE-2018-20149 CVE-2018-20150 CVE-2018-20151 CVE-2018-20152 CVE-2018-20153. Debian Bug: 916403. CVE-2018-20147: Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148...

9.8 CVSS, 7.4 AI score, 0.54862 EPSS
Exploits: 1
WPVulnDB
added 2019/02/05 12:0 a.m., 13 views

NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injection

Legacy serialization handling allows unserialize of user input for low privileged users, leading to RCE...

4.8 AI score
Exploits: 0, References: 3, Affected Software: 1
Debian
added 2019/01/30 3:44 p.m., 95 views

[SECURITY] [DSA 4378-1] php-pear security update

Debian Security Advisory DSA-4378-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq -...

8.8 CVSS, 8.2 AI score, 0.24694 EPSS
Exploits: 5
ripstech
added 2019/01/29 11:27 a.m., 56 views

CTF Writeup: Complex Drupal POP Chain

About the Challenge: The Droops challenge consisted of a website which had a modified version of Drupal 7.63 installed. The creators of the challenge added a Cookie to the Drupal installation that contained a PHP serialized string, which would then be unserialized on the remote server, leading to ...

7.4 AI score
Exploits: 0
Patchstack
added 2019/01/28 12:0 a.m., 24 views

WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Paul Dannewitz in WordPress Yet Another Stars Rating plugin versions <= 1.8.6. Solution: Update the WordPress Yet Another Stars Rating plugin to the latest available version, at least 1.8.7...

3.2 AI score
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2019/01/27 12:0 a.m., 11 views

Yet Another Stars Rating <= 1.8.6 - PHP Object Injection

An unauthenticated PHP object injection in the "Yasr – Yet Another Stars Rating" WordPress plugin introduces a starting point for RCE and similar high-severity vulnerabilities. As of 27.01.2019, the plugin has over 20.000 active installations and round about 500.000 downloads. A shortcode provid...

4.3 AI score
Exploits: 0, References: 2, Affected Software: 1
OpenVAS
added 2019/01/25 12:0 a.m., 77 views

Magento Multiple Vulnerabilities (Nov 2018)

Magento is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:magentocommerce:magento"; if...

7.8 AI score
Exploits: 0, References: 2
OpenVAS
added 2019/01/16 12:0 a.m., 25 views

WordPress WooCommerce Plugin Privilege Escalation Vulnerability - Windows

The WooCommerce Plugin for WordPress is prone to a privilege escalation vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

8.8 CVSS, 9 AI score, 0.01567 EPSS
Exploits: 1, References: 2
OpenVAS
added 2019/01/16 12:0 a.m., 16 views

WordPress WooCommerce Plugin < 3.2.4 Privilege Escalation Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112486";...

8.8 CVSS, 8.9 AI score, 0.01567 EPSS
Exploits: 1, References: 2
Prion
added 2019/01/15 4:29 p.m., 12 views

Design/Logic Flaw

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection...

6.5 CVSS, 8.7 AI score, 0.01567 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2019/01/15 4:29 p.m., 19 views

CVE-2017-18356

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection...

8.8 CVSS, 8.8 AI score, 0.01567 EPSS
Exploits: 1, References: 2
NVD
added 2019/01/15 4:29 p.m., 19 views

CVE-2018-20718

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0: syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link...

10 CVSS, 9.6 AI score, 0.09386 EPSS
Exploits: 1, References: 1