Lucene search
K

1715 matches found

Prion
Prion
added 2008/03/18 10:44 p.m.25 views

Integer overflow

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list...

6.8CVSS7.7AI score0.03089EPSS
Exploits1References8Affected Software2
Prion
Prion
added 2007/03/24 12:19 a.m.25 views

Input validation

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed...

7.8CVSS6.5AI score0.0721EPSS
Exploits1References6Affected Software1
UbuntuCve
UbuntuCve
added 2007/03/24 12:19 a.m.24 views

CVE-2007-1649

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed...

7.8CVSS5.9AI score0.0721EPSS
Exploits1References1
CVE
CVE
added 2007/03/24 12:0 a.m.76 views

CVE-2007-1649

CVE-2007-1649 affects PHP 5.2.1, where context-dependent attackers can read portions of heap memory by executing certain scripts with a serialized data input string starting with S:, due to improper tracking of input bytes. This VUL is documented across multiple sources (SUSE, Red Hat, Mandriva a...

7.8CVSS9.3AI score0.0721EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2007/02/22 11:11 a.m.10 views

php session extension information leak

The phpbinary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information memory contents via a serialized variable entry with a large length value, which triggers a buffer over-read...

5CVSS6AI score0.09082EPSS
Exploits1References4
OSV
OSV
added 2006/11/21 11:7 p.m.8 views

CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...

6.5AI score
Exploits0References4
OSV
OSV
added 2006/11/21 11:7 p.m.3 views

DEBIAN-CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...

6.5CVSS6.7AI score0.0226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2006/11/21 11:0 p.m.9 views

CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...

6.4AI score0.0226EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/11/21 11:0 p.m.35 views

CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service application crash via a string that represents a 1 malformed or 2 large serialized object, because the object...

6.3AI score0.0226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2006/11/21 12:0 a.m.7 views

PT-2006-6664 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 2.0.5 Description: The issue allows remote authenticated users to cause a denial of service, resulting in an application crash. This occurs when a string representation of a serialized object is not properly stored...

6.5CVSS6.8AI score0.0226EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2006/11/20 12:0 a.m.30 views

GLSA-200611-10 : WordPress: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200611-10 WordPress: Multiple vulnerabilities 'random' discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. 'adapter' found out that user-edit.php fails to...

6CVSS5.6AI score0.03432EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2006/11/17 12:0 a.m.29 views

WordPress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based multiuser blogging system. Description "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...

6CVSS6.3AI score0.03432EPSS
Exploits0
0day.today
0day.today
added 2006/03/15 12:0 a.m.53 views

php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================================ php iCalendar arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; short explaination: phpICal stores language & template user preferences inside...

7.1AI score
Exploits0
CVE
CVE
added 2005/11/16 7:37 a.m.60 views

CVE-2005-3583

The CVE-2005-3583 entry concerns Oracle/Sun Java Runtime Environment (JRE) and Software Development Kit (SDK) versions 1.4.2_08, 1.4.2_09, and 1.5.0_05 (and possibly others) that allow remote attackers to cause a denial of service by sending a crafted serialized object (e.g., a font object), whic...

7.8CVSS7.1AI score0.02887EPSS
Exploits0References4Affected Software2
securityvulns
securityvulns
added 2005/11/05 12:0 a.m.47 views

Remotely DoSing JBoss 4.0.2 with serialized java objects

=+============================================================= Remotely DoSing JBoss 4.0.2 with serialized java objects Implications of serialisation vulnerabilies in JDK =+============================================================= Author: Marc Schoenefeld , illegalaccess.org...

7.3AI score
Exploits0
Rows per page
Query Builder