Lucene search

8 matches found

SUSE CVE
added 2023/02/15 5:40 a.m. | 4 views

SUSE CVE-2013-1802

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML typ...

CVSS 7.5 | AI score 8.5 | EPSS 0.01686
Exploits: 1 | References: 3

CNVD
added 2016/10/30 12:0 a.m. | 2 views

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

CVSS 9.8 | AI score 7.4 | EPSS 0.12558
Exploits: 4 | References: 1

ATTACKERKB
added 2015/03/31 2:59 p.m. | 2 views

CVE-2014-2027

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addrfields or (2) trans parameter to addressbook/csvimport.php, (3) calfields or (4) trans parameter to calendar/csvimport.php, (5)...

CVSS 7.5 | AI score 6.2 | EPSS 0.02305
Exploits: 1 | References: 7

CNVD
added 2015/03/11 12:0 a.m. | 4 views

Slim PHP Framework 'SessionCookie.php' Remote PHP Object Injection Vulnerability

Slim PHP Framework is a miniature PHP5 framework developed by American software developer Josh Lockhart; it can be used to create RESTful Web applications and APIs. A remote PHP object injection vulnerability exists in Slim PHP Framework 2.5.0 and earlier versions. An attacker can exploit...

CVSS 7.5 | AI score 7.5 | EPSS 0.00555
Exploits: 0 | References: 1

OSV
added 2014/04/01 3:55 p.m. | 3 views

UBUNTU-CVE-2014-1691

The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...

CVSS 7.5 | AI score 6.1 | EPSS 0.8135
Exploits: 7 | References: 4

OSV
added 2013/04/09 8:55 p.m. | 3 views

DEBIAN-CVE-2013-1802

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML typ...

CVSS 7.5 | AI score 9.3 | EPSS 0.01686
Exploits: 1 | References: 1

OSV
added 2013/04/09 8:55 p.m. | 0 views

UBUNTU-CVE-2013-1800

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type...

CVSS 7.5 | AI score 6.1 | EPSS 0.01653
Exploits: 1 | References: 2

RedHat Linux
added 2013/01/10 10:32 p.m. | 3 views

rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

CVSS 7.5 | AI score 7.5 | EPSS 0.91907
Exploits: 21 | References: 4