Lucene search
+L

45 matches found

prion
prion
added 2018/08/24 9:29 p.m.17 views

Remote code execution

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key...

6.8CVSS8.4AI score0.09675EPSS
Exploits5References2Affected Software1
cvelist
cvelist
added 2018/08/24 9:0 p.m.17 views

CVE-2018-15576

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key...

8.4AI score0.09675EPSS
Exploits5References2
cve
cve
added 2018/08/24 9:0 p.m.55 views

CVE-2018-15576

CVE-2018-15576 affects EasyLogin Pro up to version 1.3.0. The vulnerability is in Encryptor.php, where an unserialize call in the decrypt function can lead to remote code execution if an attacker knows the key. Documents indicate public exploitation evidence (Exploit-DB, etc.), confirming a RCE r...

8.1CVSS8.3AI score0.09675EPSS
Exploits5References2Affected Software1
nvd
nvd
added 2018/08/09 7:29 p.m.20 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.1CVSS8.3AI score0.76814EPSS
Exploits11References3
prion
prion
added 2018/08/09 7:29 p.m.40 views

Remote code execution

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

6.8CVSS8.2AI score0.76814EPSS
Exploits11References2Affected Software1
cvelist
cvelist
added 2018/08/09 7:0 p.m.32 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.3AI score0.76814EPSS
Exploits11References2
debiancve
debiancve
added 2018/08/09 7:0 p.m.41 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.1CVSS8.2AI score0.76814EPSS
Exploits11
attackerkb
attackerkb
added 2018/08/09 12:0 a.m.37 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.1CVSS8AI score0.76814EPSS
In wildExploits11References3
nvd
nvd
added 2018/04/13 5:29 a.m.23 views

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

9.8CVSS9.7AI score0.03926EPSS
Exploits1References1
prion
prion
added 2018/04/13 5:29 a.m.13 views

Code injection

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

7.5CVSS9.6AI score0.03926EPSS
Exploits1References1Affected Software1
osv
osv
added 2018/04/13 5:29 a.m.4 views

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

9.8CVSS5.9AI score0.03926EPSS
Exploits1References1
cvelist
cvelist
added 2018/04/13 5:0 a.m.18 views

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

9.7AI score0.03926EPSS
Exploits1References1
openvas
openvas
added 2015/09/08 12:0 a.m.50 views

Amazon Linux: Security Advisory (ALAS-2015-463)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.53166EPSS
Exploits8References2
prion
prion
added 2015/03/30 10:59 a.m.38 views

Design/Logic Flaw

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an...

7.5CVSS8.2AI score0.42593EPSS
Exploits10References21Affected Software9
cve
cve
added 2015/03/30 10:0 a.m.322 views

CVE-2015-2787

The CVE-2015-2787 entry describes a use-after-free in PHP’s unserialize path (process_nested_data in ext/standard/var_unserializer.re) that allows remote code execution via crafted unserialize input. Affected versions are PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7; remediation...

7.5CVSS8.1AI score0.12219EPSS
Exploits5References21Affected Software1
nessus
nessus
added 2015/02/25 12:0 a.m.67 views

SuSE 11.3 Security Update : php53 (SAT Patch Number 10313)

PHP 5.3 was updated to fix three security issues : - Use-after-free vulnerability allowed remote attackers to execute arbitrary code via a crafted unserialize call that leveraged improper handling of duplicate keys within the serialized properties of an object. bnc910659. CVE-2014-8142 -...

7.5CVSS7.5AI score0.53166EPSS
Exploits11References9
nessus
nessus
added 2015/02/13 12:0 a.m.52 views

Amazon Linux AMI : php54 (ALAS-2015-475)

sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a character and lacks a newline character, whi...

7.5CVSS7.7AI score0.53166EPSS
Exploits12References4
prion
prion
added 2015/01/27 8:3 p.m.32 views

Design/Logic Flaw

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...

7.5CVSS7.8AI score0.53166EPSS
Exploits10References23Affected Software1
cvelist
cvelist
added 2015/01/27 11:0 a.m.41 views

CVE-2015-0231

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...

8.4AI score0.42593EPSS
Exploits5References23
amazon
amazon
added 2015/01/08 12:0 a.m.75 views

Medium: php54

Issue Overview: Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of...

10CVSS8.6AI score0.53166EPSS
Exploits8
Rows per page
Query Builder