1715 matches found
Integer overflow
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list...
Input validation
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed...
CVE-2007-1649
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed...
CVE-2007-1649
CVE-2007-1649 affects PHP 5.2.1, where context-dependent attackers can read portions of heap memory by executing certain scripts with a serialized data input string starting with S:, due to improper tracking of input bytes. This VUL is documented across multiple sources (SUSE, Red Hat, Mandriva a...
php session extension information leak
The phpbinary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information memory contents via a serialized variable entry with a large length value, which triggers a buffer over-read...
CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...
DEBIAN-CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...
CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...
CVE-2006-6017
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...
PT-2006-6664 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 2.0.5 Description: The issue allows remote authenticated users to cause a denial of service, resulting in an application crash. This occurs when a string representation of a serialized object is not properly stored...
GLSA-200611-10 : WordPress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200611-10 WordPress: Multiple vulnerabilities 'random' discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. 'adapter' found out that user-edit.php fails to...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based multiuser blogging system. Description "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...
php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================================ php iCalendar arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; short explaination: phpICal stores language & template user preferences inside...
CVE-2005-3583
The CVE-2005-3583 entry concerns Oracle/Sun Java Runtime Environment (JRE) and Software Development Kit (SDK) versions 1.4.2_08, 1.4.2_09, and 1.5.0_05 (and possibly others) that allow remote attackers to cause a denial of service by sending a crafted serialized object (e.g., a font object), whic...
Remotely DoSing JBoss 4.0.2 with serialized java objects
=+============================================================= Remotely DoSing JBoss 4.0.2 with serialized java objects Implications of serialisation vulnerabilies in JDK =+============================================================= Author: Marc Schoenefeld , illegalaccess.org...