3587 matches found
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery SSRF attacks, and execute arbitrary PHP code via a crafted HTTP header...
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery SSRF attacks, and execute arbitrary PHP code via a crafted HTTP header...
CVE-2015-7816
CVE-2015-7816 affects Piwik (renamed Matomo) prior to 2.15.0, where the DisplayTopKeywords function in plugins/Referrers/Controller.php allows PHP object injection, Server-Side Request Forgery (SSRF), and arbitrary PHP code execution via a crafted HTTP header. The issue is caused by insecure hand...
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery SSRF attacks, and execute arbitrary PHP code via a crafted HTTP header...
vBulletin 5.1.2 Unserialize Code Execution
This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' ...
vBulletin 5.x.x 远程任意代码执行漏洞
unserialize 实战之 vBulletin 5.x.x 远程代码执行 --- Author: RickGray 知道创宇404安全实验室 近日,vBulletin 的一枚 RCE 利用和简要的分析被曝光,产生漏洞的原因源于 vBulletin 程序在处理 Ajax API 调用的时候,使用 unserialize 对传递的参数值进行了反序列化操作,导致攻击者使用精心构造出的 Payload 直接导致代码执行。关于 PHP 中反序列化漏洞的问题可以参考 OWASP 的《PHP Object Injection》。 使用 原文 提供的 Payload 可以直接在受影响的站点上执行...
Design/Logic Flaw
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie...
CVE-2015-5687
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie...
CVE-2015-5687
AnchorCMS 0.9.x is vulnerable to PHP object injection and arbitrary code execution via a crafted serialized object in a cookie. The root cause is the cookie-based session driver failing to filter malicious serialized objects in the cookie, allowing an attacker to inject PHP objects and execute co...
ownCloud: owncloud.com: WP Super Cache plugin is outdated
I know it might be out of scope, but I report it to be sure https://owncloud.org/wp-content/plugins/wp-super-cache/readme.txt shows version 1.4.4 and this version is prone to XSS and PHP Object injection http://z9.io/2015/09/25/wp-super-cache-1-4-5/...
WordPress Super Cache Plugin <= 1.4.4 - PHP Object Injection
This plugin is prone to PHP object injection vulnerability. Solution Update the plugin...
SMF (Simple Machine Forum) 2.0.10 Remote Memory Exfiltration
!/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...
SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration
!/usr/bin/python -- coding: iso-8859-15 -- Title: SMF Simple Machine Forum Filippo Roncari Truel Lab http://lab.truel.it Requirements: SMF = 2.0.10 PHP = 5.6.11 / 5.5.27 / 5.4.43 Advisories: TL-2015-PHP04 http://lab.truel.it/d/advisories/TL-2015-PHP04.txt TL-2015-PHP06...
CVE-2015-6828
The tweetinfo function in class/functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by...
Design/Logic Flaw
The tweetinfo function in class/functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by...
CVE-2015-6828
The tweetinfo function in class/functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by...
Anchor CMS PHP Object Injection Vulnerability
Exploit for php platform in category web applications CVE-2015-5687 PHP Object Injection in AnchorCMS ================================================= Out of the box, AnchorCMS defaults to store all session state in a cookie contrast this with only storing a unique identifier in a cookie which...
eFront < 3.6.15.4 Build 18023 Multiple Vulnerabilities
According to its version number, the version of eFront running on the remote web server is affected by multiple vulnerabilities : - A path traversal vulnerability exists due to improper sanitization of user-supplied input to the 'file' parameter of the viewfile.php script. A remote attacker can...
CVE-2015-2945
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...
Design/Logic Flaw
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015...