46 matches found
Updated egroupware package fixes security vulnerability
eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method (CVE-2014-2027)...
WordPress < 3.6.1 PHP object injection vulnerability - vulnerability warning - the black bar safety net
0x00 Background: When I read a blog post about the Joomla "PHP object injection" vulnerability, I dug deeper and found the great Stefan Esser's article from the 2010 Black Hat conference: http://media.blackhat.com/bh-us- ... Exploits-slides.pdf This article has mentioned in PHP unserialize...
Code injection
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations...
Invision Power Board 3.3.4 Code Execution
<?php /* ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software...
CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function...
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...