1318 matches found

exploitpack
added 2014/10/12 12:0 a.m., 57 views

Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities

Pimcore CMS 1.4.9 2.1.0 - Multiple Vulnerabilities Vulnerabilities in Pimcore 1.4.9 to 2.1.0 inclusive Discovered by Pedro Ribeiro [email protected] of Agile Information Security ==================================================================== Disclosure: 14/04/2014 / Last updated: 12/10/2014...

CVSS 7.5, AI score 0.5, EPSS 0.07255
Exploits: 4
Tenable Nessus
added 2014/10/12 12:0 a.m., 281 views

Amazon Linux AMI : php55 (ALAS-2014-372)

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document...

CVSS 7.5, AI score 7.7, EPSS 0.30128
Exploits: 5, References: 9
Tenable Nessus
added 2014/10/12 12:0 a.m., 55 views

Amazon Linux AMI : php (ALAS-2014-393)

A denial of service flaw was found in the way the File Information fileinfo extension parsed certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. acinclude.m4, as used in the configure script...

CVSS 7.5, AI score 7.8, EPSS 0.30128
Exploits: 4, References: 8
NVD
added 2014/10/07 2:55 p.m., 28 views

CVE-2014-7235

htdocsari/includes/login.php in the ARI Framework module/Asterisk Recording Interface ARI in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ariauth cookie, related to the PHP unserialize function, as exploited in the wild in...

CVSS 10, AI score 7.7, EPSS 0.4299
Exploits: 4, References: 7
Cvelist
added 2014/10/07 2:0 p.m., 30 views

CVE-2014-7235

htdocsari/includes/login.php in the ARI Framework module/Asterisk Recording Interface ARI in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ariauth cookie, related to the PHP unserialize function, as exploited in the wild in...

AI score 7.7, EPSS 0.4299
Exploits: 4, References: 7
CVE
added 2014/10/07 2:0 p.m., 202 views

CVE-2014-7235

CVE-2014-7235 affects the ARI Framework/FreePBX Asterisk Recording Interface login.php. An unauthenticated remote attacker can exploit via the ari_auth cookie to trigger unserialize-based code execution, with exploitation observed publicly and in the wild around 2014. Affected versions include Fr...

CVSS 10, AI score 9.6, EPSS 0.4299
Exploits: 4, References: 7, Affected Software: 2
Prion
added 2014/10/03 2:55 p.m., 19 views

Design/Logic Flaw

The News ttnews extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue...

CVSS 7.5, AI score 7.6, EPSS 0.01309
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2014/10/03 2:0 p.m., 18 views

CVE-2014-6290

The News ttnews extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue...

AI score 7, EPSS 0.01309
Exploits: 0, References: 2
Check Point Advisories
added 2014/09/21 12:0 a.m., 21 views

PHP unserialize Call SPL ArrayObject and SPLObjectStorage Memory Corruption (CVE-2014-3515)

A memory corruption vulnerability exists in PHP. The vulnerability is due to type confusion in the unserialize function for SPL ArrayObject and SPLObjectStorage. An attacker can exploit this vulnerability if the application uses the vulnerable function...

CVSS 7.5, AI score 3.1, EPSS 0.30128
Exploits: 4
FreeBSD
added 2014/08/14 12:0 a.m., 57 views

PHP multiple vulnerabilities

The PHP Team reports: insecure temporary file use in the configure script unserialize SPL ArrayObject / SPLObjectStorage Type Confusion Heap buffer over-read in DateInterval fileinfo: cdfreadshortsector insufficient boundary check fileinfo: CDF infinite loop in nelements DoS fileinfo: fileinfo:...

CVSS 7.5, AI score 8.1, EPSS 0.30128
Exploits: 4, References: 2
Tenable Nessus
added 2014/08/07 12:0 a.m., 74 views

Oracle Linux 5 / 6 : php53 / and / php (ELSA-2014-1012)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1012 advisory. - core: type confusion issue in phpinfo. CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-base...

CVSS 7.5, AI score 7.6, EPSS 0.30128
Exploits: 7, References: 12
RedHat Linux
added 2014/08/06 6:5 a.m., 3 views

php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute...

CVSS 7.5, AI score 7.6, EPSS 0.30128
Exploits: 4, References: 4
RedHat Linux
added 2014/08/06 5:14 a.m., 4 views

php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw

A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute...

CVSS 7.5, AI score 7.6, EPSS 0.30128
Exploits: 4, References: 4
Oracle linux
added 2014/08/06 12:0 a.m., 67 views

php53 and php security update

5.3.3-27.1 - core: type confusion issue in phpinfo. CVE-2014-4721 - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 - core: fix heap-based buffer overflow in DNS TXT record parsing. CVE-2014-4049 - core: unserialize SPL ArrayObject / SPLObjectStorage type confusion flaw...

CVSS 7.5, AI score 1.7, EPSS 0.30128
Exploits: 7
seebug.org
added 2014/07/01 12:0 a.m., 15 views

SugarCRM <= 6.3.1 unserialize() PHP Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 25 views

CubeCart 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------- CubeCart = 5.2.0 cubecart.class.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.cubecart.com/ -...

CVSS 7.5, AI score 0.1, EPSS 0.07086
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 33 views

SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution

No description provided by source. ?php / ------------------------------------------------------- SugarCRM CE = 6.3.1 unserialize PHP Code Execution ------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............: n0b0d13satgmaildotcom software...

AI score 0.2, EPSS 0.67256
Exploits: 13
seebug.org
added 2014/07/01 12:0 a.m., 35 views

RunCms <= 1.5.2 (debug_show.php) Remote SQL Injection Exploit

No description provided by source. ?php printr' -------------------------------------------------------------------------- RunCms = 1.5.2 /class/debug/debugshow.php sql injection / credentials disclosure exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork: Runcm...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)

No description provided by source. $Id: phpunserializezvalcookie.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 68 views

CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability

No description provided by source. Source: http://securityreason.com/securityalert/8026 CakePHP = 1.3.5 / 1.2.8 unserialize Vulnerability felix |at| malloc.im =========================================================================== ==== Overview: CakePHP is a rapid development framework for PH...

AI score 7.1
Exploits: 0