Lucene search
K

142 matches found

OSV
OSV
added 2019/12/31 6:15 p.m.3 views

DEBIAN-CVE-2019-14466

The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...

6.5CVSS7AI score0.01022EPSS
Exploits0References1
CVE0DAY
CVE0DAY
added 2019/03/07 2:6 p.m.283 views

Drupal CVE-2019-6340 Remote Code Execution EXP

Description This Metasploit module exploits a PHP unserialize vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also...

6.8CVSS0.9AI score0.91919EPSS
Exploits22
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.165 views

Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTful Web Services unserialize RCE', 'Description' = %q This module exploits a PHP unserialize vulnerability in Drupal RESTful Web...

8.1CVSS7.4AI score0.91919EPSS
Exploits22
OSV
OSV
added 2018/08/24 9:29 p.m.5 views

CVE-2018-15576

An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key...

8.1CVSS6.3AI score0.09675EPSS
Exploits5References2
The Hacker News
The Hacker News
added 2018/08/17 9:26 a.m.125 views

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of...

0.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2018/08/09 7:0 p.m.11 views

CVE-2018-15133

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...

8.4AI score0.76814EPSS
Exploits11References2
Positive Technologies
Positive Technologies
added 2018/08/09 12:0 a.m.5 views

PT-2018-12889 · Laravel · Laravel Framework

Name of the Vulnerable Software and Affected Versions: Laravel Framework versions 5.5.0 through 5.5.40 Laravel Framework versions 5.6.0 through 5.6.29 Description: Remote code execution might occur due to an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This issue involves the...

8.1CVSS7.6AI score0.76814EPSS
Exploits11References32
RedHat Linux
RedHat Linux
added 2018/05/03 5:6 a.m.10 views

php: Use of uninitialized memory in unserialize()

Zend/zendhash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service integer overflow, uninitialized memory access, and use of arbitrary destructor function...

9.8CVSS7.6AI score0.1669EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2018/05/03 5:6 a.m.4 views

php: Out-of-bounds heap read on unserialize in finish_nested_data()

The objectcommon1 function in ext/standard/varunserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service buffer over-read and application crash via crafted serialized data that is mishandled in a finishnesteddata call...

7.5CVSS7.3AI score0.13314EPSS
Exploits0References4
OSV
OSV
added 2018/04/25 5:37 p.m.4 views

DRUPAL-CONTRIB-2018-022

This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...

7.2AI score
Exploits0References1
Hacker One
Hacker One
added 2017/03/04 10:29 p.m.14 views

Rockstar Games: Unserialize leading to arbitrary PHP function invoke

In this report, the researcher was able to demonstrate a method to run arbitrary PHP functions on www.rockstargames.com. Although we had previously disabled most harmful PHP functions, it was still possible to cause serious damage if this were to be exploited by a malicious party. To solve this...

7AI score
Exploits0
CNVD
CNVD
added 2017/02/13 12:0 a.m.7 views

Node-serialize Package For Node.js 'unserialize()' Function Arbitrary Code Execution Vulnerability

Node.js is an open source, cross-platform, runtime environment for server-side and web applications. Node.js has a security vulnerability in the node-serialize module that allows an attacker to execute arbitrary code via IIFE if the unserialize function input is not secure...

9.8CVSS7.9AI score0.61025EPSS
Exploits5References1
OSV
OSV
added 2017/02/09 7:59 p.m.4 views

CVE-2017-5941

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression IIFE...

9.8CVSS6.2AI score0.61025EPSS
Exploits5References5
canvas
canvas
added 2017/01/23 9:59 p.m.557 views

Immunity Canvas: MAGENTO_SET_PAY_INFO

Name| magentosetpayinfo ---|--- CVE| CVE-2016-4010 Exploit Pack| CANVAS Description| Magento unauthenticated unserialize 2.0.6 Notes| Repeatability: Infinite VENDOR: Magento CVE Url: https://vulners.com/cve/CVE-2016-4010 CVE Name: CVE-2016-4010...

7.5CVSS9.6AI score0.92869EPSS
Exploits10
OSV
OSV
added 2016/12/11 2:59 a.m.3 views

UBUNTU-CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

9.8CVSS7.7AI score0.03189EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.3 views

php: Use after free in SNMP with GC and unserialize()

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impac...

9.8CVSS7.4AI score0.05417EPSS
Exploits1References4
0day.today
0day.today
added 2016/10/18 12:0 a.m.20 views

PHP 5.6.26 and 7.0.11 Use After Free in unserialize() Vulnerability

Exploit for php platform in category remote exploits PoC: References: https://bugs.php.net/bug.php?id=73147 0day.today 2018-04-08...

0.9AI score
Exploits0
Saint
Saint
added 2016/09/23 12:0 a.m.27 views

SugarCRM REST deserialization vulnerability

Added: 09/23/2016 BID: 91413 Background SugarCRM is customer relationship management software written in PHP. Problem Improper use of the unserialize function inside the SugarRestSerialize.php script allows remote attackers to inject PHP objects, leading to arbitrary command execution. Resolution...

7.8AI score
Exploits0
OSV
OSV
added 2016/07/25 12:0 a.m.8 views

UBUNTU-CVE-2016-6295

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impac...

9.8CVSS7.2AI score0.05417EPSS
Exploits1References3
phpMyAdmin
phpMyAdmin
added 2016/07/15 12:0 a.m.32 views

Unvalidated data passed to unserialize()

PMASA-2016-43 Announcement-ID: PMASA-2016-43 Date: 2016-07-15 Summary Unvalidated data passed to unserialize Description A vulnerability was reported where some data is passed to the PHP unserialize function without verification that it's valid serialized data. Due to how the PHP function operate...

9.8CVSS7.3AI score0.03189EPSS
Exploits0Affected Software1
Rows per page
Query Builder