6 matches found
GHSA-R33W-FG8J-9C94 MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution
Description: MagicLink stores serialized action objects in the magiclinks.action database column and deserializes them without integrity validation or class allowlisting in src/MagicLink.php and src/Actions/ResponseAction.php. An attacker with the ability to manipulate database records, e.g., via S...
EUVD-2018-17830
Malware in sbrugna...
EUVD-2020-4702
Malware in sbrugna...
EUVD-2021-1107
Malware in sbrugna...
USN-6936-1 libcommons-collections3-java vulnerability
It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code...
PHP WDDX Serializer Data Injection Vulnerability - vulnerability warning - the black bar safety net
PHP WDDX Serializer Data Injection Vulnerability. Taoguang Chen - 2014.11.2. When PHP serializes an array into a WDDX structure, array key names are not strictly restricted, which can lead to forgery of an object's WDDX structure. i serialize the object PHP in the object is...