3587 matches found

WPVulnDB
added 2018/01/26 12:0 a.m., 16 views

Splashing Images <= 2.1 - Authenticated PHP Object Injection

The Splashing Images WordPress plugin was affected by an Authenticated PHP Object Injection security vulnerability...

CVSS 6.5, AI score 2.3, EPSS 0.05847
Exploits 2, References 2, Affected Software 1

seebug.org
added 2018/01/11 12:0 a.m., 49 views

SugarCRM's Security Diet - Multiple Vulnerabilities

SugarCRM is one of the most popular customer relationship management solutions. It is available as a commercial edition and as an open-source community edition and is used by more than 2 million individuals in over 120 countries to manage sensitive customer data [1]. Lately its security attracted...

AI score 8.3
Exploits 0

0day.today
added 2017/12/19 12:0 a.m., 39 views

Tuleap 9.6 Second-Order PHP Object Injection Exploit

This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to...

CVSS 6.5, AI score 9.2, EPSS 0.73892
Exploits 6

Tenable Nessus
added 2017/12/12 12:0 a.m., 29 views

Flickr Gallery Plugin for WordPress < 1.5.3 PHP Object Injection

According to its self-reported version, the Flickr Gallery Plugin for WordPress running on the remote web server is prior to 1.5.3. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects and execute arbitrary...

AI score 6.1
Exploits 0, References 2

Tenable Nessus
added 2017/12/12 12:0 a.m., 18 views

RegistrationMagic Plugin for WordPress < 3.7.9.3 PHP Object Injection

According to its self-reported version, the RegistrationMagic Plugin for WordPress running on the remote web server is prior to 3.7.9.3. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects, execute arbitrar...

AI score 6.5
Exploits 0, References 3

Tenable Nessus
added 2017/12/08 12:0 a.m., 24 views

WP Smart Security Plugin for WordPress PHP Object Injection

The WP Smart Security Plugin for WordPress is affected by a PHP object injection vulnerability. This plugin is no longer maintained, therefore all known versions are impacted. This vulnerability could allow a remote, unauthenticated attacker to inject PHP objects and execute arbitrary code. Note...

AI score 5.9
Exploits 0, References 2

Tenable Nessus
added 2017/12/05 12:0 a.m., 17 views

Appointments Plugin for WordPress < 2.2.2 PHP Object Injection

According to its self-reported version, the Appointments Plugin for WordPress running on the remote web server is prior to 2.2.2. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects and execute arbitrary...

AI score 6.1
Exploits 0, References 2

Tenable Nessus
added 2017/12/05 12:0 a.m., 52 views

Ultimate Form Builder Lite for WordPress < 1.3.7 SQL Injection

According to its self-reported version, the Ultimate Form Builder Lite Plugin for WordPress running on the remote web server is prior to 1.3.7. It is, therefore, affected by a SQL Injection vulnerability, resulting in PHP Object Injection exploitation vectors. With a specially crafted request, a...

CVSS 9.8, AI score 9.2, EPSS 0.01674
Exploits 0, References 3

OpenVAS
added 2017/11/23 12:0 a.m., 34 views

Cacti < 1.0.0 Multiple Vulnerabilities - Windows

Cacti is prone to multiple vulnerabilities...

CVSS 8.8, AI score 8.8, EPSS 0.011
Exploits 0, References 2

OpenVAS
added 2017/11/23 12:0 a.m., 31 views

Cacti < 1.0.0 Multiple Vulnerabilities - Linux

Cacti is prone to multiple vulnerabilities...

CVSS 8.8, AI score 8.8, EPSS 0.011
Exploits 0, References 2

CNVD
added 2017/11/21 12:0 a.m., 2 views

Cacti PHP Object Injection Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool retrieves data through snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A security vulnerability exists in versions of Cacti prior to 1.0.0...

CVSS 8.8, AI score 7.5, EPSS 0.011
Exploits 0, References 1

NVD
added 2017/11/17 2:29 a.m., 16 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

CVSS 7.5, AI score 7.7, EPSS 0.00183
Exploits 0, References 1

OSV
added 2017/11/17 2:29 a.m., 18 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

CVSS 7.5, AI score 7.1
Exploits 0, References 1

Prion
added 2017/11/17 2:29 a.m., 15 views

Design/Logic Flaw

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

CVSS 6.4, AI score 7.7, EPSS 0.00183
Exploits 0, References 1, Affected Software 1

CVE
added 2017/11/17 2:0 a.m., 63 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in the asset move functionality, allowing an attacker to delete files on the server within the constraints of file permissions. The vulnerability is triggered through the asset handling path in October CMS, with documented remediation vi...

CVSS 7.5, AI score 7.7, EPSS 0.00183
Exploits 0, References 1, Affected Software 1

Cvelist
added 2017/11/17 2:0 a.m., 23 views

CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...

AI score 7.7, EPSS 0.00183
Exploits 0, References 1

WPVulnDB
added 2017/11/16 12:0 a.m., 26 views

WooCommerce <= 3.2.3 - Authenticated PHP Object Injection

Versions 3.2.3 and earlier are affected by an issue where cached queries within shortcodes could lead to object injection. This is related to the recent WordPress 4.8.3 security release. This issue can only be exploited by users who can edit content and add shortcodes, but we still recommend all...

CVSS 6.5, AI score 3, EPSS 0.01567
Exploits 1, References 2, Affected Software 1

OSV
added 2017/11/15 4:29 p.m., 3 views

DEBIAN-CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

CVSS 8.8, AI score 8.7, EPSS 0.011
Exploits 0, References 1

OSV
added 2017/11/15 4:29 p.m., 8 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

CVSS 8.8, AI score 8.7, EPSS 0.011
Exploits 0, References 8

Prion
added 2017/11/15 4:29 p.m., 22 views

Design/Logic Flaw

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())...

CVSS 6.5, AI score 7.7, EPSS 0.011
Exploits 0, References 4, Affected Software 1