1305 matches found
CVE-2024-54135 Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP deserialization. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function...
PT-2024-36063
Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 2.0 through 5.5.1 Revision 199 Description: ClipBucket V5 provides open source video hosting with PHP. The issue exists in the upload/photo_upload.php file, specifically within the decode_key function. This function...
DRUPAL-CONTRIB-2024-062
This module for Drupal provides complete control of Email settings with Drupal and Mailjet. In certain cases the module doesn't securely pass data to PHP's unserialize function, which could result in Remote Code Execution via PHP Object Injection. This vulnerability is mitigated by the fact that ...
DRUPAL-CORE-2024-006
Drupal core contains a potential PHP Object Injection vulnerability that, if combined with another exploit, could lead to Arbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allo...
Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061
This module allows users to export nodes and then import them into another Drupal installation, or on the same site. In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize function, which could result in Remote Code Execution via PHP Object Injection...
PT-2024-10088 · Oracle · Eloqua
Name of the Vulnerable Software and Affected Versions: Eloqua versions 7.X- through 7.X-1.15 Description: The issue is related to the deserialization of untrusted data in Drupal Eloqua, allowing object injection. This can be exploited by a remote attacker to execute arbitrary code. The estimated...
CVE-2021-3838 PHAR Deserialization in dompdf/dompdf
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and...
DRUPAL-CONTRIB-2024-052
This module enables you to group nodes within pages that have a highly-granular, distributed permissions structure. In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize function, which can result in arbitrary code execution...
Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052
This module enables you to group nodes within pages that have a highly-granular, distributed permissions structure. In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize function, which can result in arbitrary code execution...
PT-2024-41103 · OOO 'Aspro' · Aspro: Digital 2.0 +14
A vulnerability in the unserialize function of the Aspro website content management platforms stems from flaws in the deserialization mechanism. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code by means of a specially crafted POST request...
Magento XXE Unserialize Arbitrary File Read
This module exploits an XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system. Module Options msf use auxiliary/gather/magentoxxecve202434102 msf auxiliarymagentoxxecve202434102 show actions ...actions... msf auxiliarymagentoxxecve202434102 set...
GHSA-M2HP-5X78-74MG Insecure Unserialize Vulnerability in FLOW3
Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...
Insecure Unserialize Vulnerability in FLOW3
Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...
GHSA-C7RJ-92XR-WPRG Insecure Unserialize in TYPO3 Backend
Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed...
Insecure Unserialize in TYPO3 Backend
Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed...
GHSA-XVCP-33RC-J8GQ Insecure Unserialize in TYPO3 Import/Export
Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed...
Insecure Unserialize in TYPO3 Import/Export
Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed...
Remote Code Execution (RCE)
titon/framework is vulnerable to remote code execution. The vulnerability is due to calling the unserialize method on unverified cyphertext, which allows an attacker to execute arbitrary code...
Remote Code Execution (RCE)
cart2quote/module-quotation-encoded is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of the unserialize function when processing data from a GET request, which can be exploited by attackers to execute arbitrary code remotely, particularly when custom file options ar...
Insecure deserialize Vulnerability in FLOW3
Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...