EUVD-2009-4107

Malware in sbrugna...

CVE-2025-11345 ILIAS Test Import unserialize deserialization

A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgradin...

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

WordPress 插件代码问题漏洞

WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin Bold Page Builder prior to version 3.1.6, which stems from the plugin's btbbgetgrid AJAX operation passing user input into the unserialize function without any validation...

The vulnerability of the PHP interpreter, which allows a remote attacker to execute arbitrary code

The vulnerability of the PHP interpreter in the processnesteddata function ext/standard/varunserializer.re lies in the use of memory after it is freed. As a result of exploiting this vulnerability, a malicious actor who operates remotely can execute arbitrary code through a specially crafted...

DOKEOS SSO Authentication Bypass Vulnerability

Dokeos is an open source online education and course management system. A security vulnerability exists in DOKEOS. The vulnerability is caused by a variable type obfuscation error when comparing passwords to unserializable strings during authentication, SSO authentication is not possible...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: SoapClient's do_soap_call() type confusion after unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: SoapClient's do_soap_call() type confusion after unserialize()

A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: type confusion issue in unserialize() with various SOAP methods

Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to disclose portion of its memory or crash...

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

MyBB < 1.8.3 / 1.6.16 Multiple Vulnerabilities

Binary data 8612.prm...

php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute...

php53 and php security update

5.3.3-27.1 - core: type confusion issue in phpinfo. CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize SPL ArrayObject / SPLObjectStorage type confusion flaw...