Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3587 matches found

NVD
NVDadded 2017/11/15 4:29 p.m.16 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

8.8CVSS8.7AI score0.011EPSS
Exploits0References4
CVE
CVEadded 2017/11/15 4:0 p.m.73 views

CVE-2014-4000

CVE-2014-4000 affects Cacti prior to 1.0.0. A remote authenticated attacker can trigger PHP object injection via a crafted serialized object (unserialize(stripslashes())) to execute arbitrary PHP code. Public references confirm impact and recommend upgrading to 1.0.0+ (or newer versions such as 1...

8.8CVSS8.5AI score0.011EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVEadded 2017/11/15 4:0 p.m.29 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

8.8CVSS8.8AI score0.011EPSS
Exploits0
Cvelist
Cvelistadded 2017/11/15 4:0 p.m.24 views

CVE-2014-4000

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserializestripslashes...

8.7AI score0.011EPSS
Exploits0References4
WPVulnDB
WPVulnDBadded 2017/11/08 12:0 a.m.29 views

WPML Translation Management <= 2.4.1 - PHP Object Injection

The wpml-translation-management WordPress plugin was affected by a PHP Object Injection security vulnerability...

1.8AI score
Exploits0Affected Software1
Metasploit
Metasploitadded 2017/11/01 3:9 p.m.29 views

Tuleap 9.6 Second-Order PHP Object Injection

This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap = 9.6 which could be abused by authenticated users to execute...

8.8CVSS7.8AI score0.73892EPSS
Exploits6
exploitpack
exploitpackadded 2017/10/30 12:0 a.m.16 views

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...

0.2AI score
Exploits0
Exploit DB
Exploit DBadded 2017/10/30 12:0 a.m.51 views

WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection

Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.todayadded 2017/10/30 12:0 a.m.34 views

WordPress Ultimate Product Catalog 4.2.24 Plugin - PHP Object Injection Exploit

Exploit for php platform in category web applications Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...

Exploits0
Patchstack
Patchstackadded 2017/10/30 12:0 a.m.9 views

WordPress Ultimate Product Catalog plugin <= 4.2.24 - PHP Object Injection

A vulnerability exists in UPCPAddToCart function. There the cookie is unserialized which means an attacker can create a malicious user input to create a PHP object injection. Solution Update the plugin...

3.2AI score
Exploits0References1Affected Software1
Packet Storm
Packet Stormadded 2017/10/30 12:0 a.m.46 views

WordPress Ultimate Product Catalog 4.2.24 PHP Object Injection

Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...

7.1AI score
Exploits0
Prion
Prionadded 2017/10/26 6:29 p.m.14 views

Sql injection

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

7.5CVSS9.8AI score0.01674EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2017/10/26 6:29 p.m.1 views

CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

9.8CVSS5.8AI score0.01674EPSS
Exploits0References4
Cvelist
Cvelistadded 2017/10/26 6:0 p.m.31 views

CVE-2017-15919

The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php...

9.9AI score0.01674EPSS
Exploits0References4
CVE
CVEadded 2017/10/26 6:0 p.m.71 views

CVE-2017-15919

The CVE-2017-15919 affects the WordPress plugin Ultimate Form Builder Lite (prior to 1.3.7). The vulnerability is a SQL Injection in wp-admin/admin-ajax.php that can lead to PHP Object Injection. Public notes describe remote exploitation with possibly arbitrary code execution; CVSS data shows hig...

9.8CVSS9.8AI score0.01674EPSS
Exploits0References4Affected Software1
Patchstack
Patchstackadded 2017/10/13 12:0 a.m.8 views

WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found in WordPress Invite Anyone plugin versions =1.3.18. Solution Update the WordPress Invite Anyone plugin to the latest available version at least version 1.3.19...

4.1AI score
Exploits0Affected Software1
Patchstack
Patchstackadded 2017/10/03 12:0 a.m.5 views

WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress Appointments plugin versions =2.2.1. Solution Update the WordPress Appointments plugin to the latest available version at least 2.2.2...

2.9AI score
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEVadded 2017/10/02 12:0 a.m.1 views

VulnCheck KEV: CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this...

9.8CVSS5.8AI score0.00517EPSS
Exploits0References1
WPVulnDB
WPVulnDBadded 2017/10/02 12:0 a.m.12 views

Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection

The flickr-gallery WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...

2.6AI score
Exploits0References2Affected Software1
VulnCheck KEV
VulnCheck KEVadded 2017/10/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...

9.8CVSS5.8AI score0.00517EPSS
Exploits0References1
Rows per page
Query Builder