
1305 matches found

Positive Technologies
added 2023/08/01 12:0 a.m. · 2 views

PT-2023-5455 · Unknown · Phppgadmin

Name of the Vulnerable Software and Affected Versions: phpPgAdmin versions 7.14.4 and earlier Description: The issue is related to the unserialize function in the phpPgAdmin web tool for administering PostgreSQL databases, which is vulnerable due to shortcomings in the deserialization mechanism...

9.8 CVSS · 9.6 AI score · 0.01097 EPSS
Exploits 0 · References 23
OpenVAS
added 2023/05/16 12:0 a.m. · 15 views

WordPress Ad Inserter Plugin < 2.7.27 Code Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adinserterproject:adinserter"; ifdescription...

7.2 CVSS · 7 AI score · 0.16903 EPSS
Exploits 2 · References 1
OSV
added 2023/05/02 9:15 a.m. · 1 views

CVE-2023-1196

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

8.8 CVSS · 7.3 AI score · 0.0108 EPSS
Exploits 3 · References 2
Cvelist
added 2023/05/02 8:39 a.m. · 18 views

CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

9.1 AI score · 0.0108 EPSS
Exploits 3 · References 2
Positive Technologies
added 2023/05/02 12:0 a.m. · 4 views

PT-2023-16812 · WordPress · Advanced Custom Fields Pro

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields ACF Free and Pro WordPress plugins versions 5.x through 5.12.4 Advanced Custom Fields ACF Free and Pro WordPress plugins versions 6.x through 6.0.x Description: The issue allows users with a role of Contributor and abov...

8.8 CVSS · 9.1 AI score · 0.0108 EPSS
Exploits 3 · References 5
OSV
added 2023/04/04 3:15 p.m. · 1 views

CVE-2020-29312

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...

9.8 CVSS · 6.1 AI score · 0.01524 EPSS
Exploits 0 · References 3
NVD
added 2023/04/04 3:15 p.m. · 11 views

CVE-2020-29312

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...

9.8 CVSS · 9.8 AI score · 0.01524 EPSS
Exploits 0 · References 3
Prion
added 2023/04/04 3:15 p.m. · 19 views

Design/Logic Flaw

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function...

7.5 CVSS · 9.6 AI score · 0.01524 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/04/04 12:0 a.m. · 10 views

CVE-2020-29312

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...

8 AI score · 0.01524 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/04/04 12:0 a.m. · 3 views

PT-2023-11776 · Zend · Zend Framework

Name of the Vulnerable Software and Affected Versions: Zend Framework versions prior to 2.x.x Description: The issue allows a remote attacker to execute arbitrary code via the unserialize function. Note that the information about version 3.1.3 has been disputed by third parties as incomplete and...

9.8 CVSS · 8 AI score · 0.01524 EPSS
Exploits 0 · References 8
CVE
added 2023/04/04 12:0 a.m. · 65 views

CVE-2020-29312

CVE-2020-29312 affects Zend Framework in versions up to 3.1.3 (and before) and is described as allowing a remote attacker to execute arbitrary code via the unserialize function. The connected records corroborate the issue scope (Zend Framework, unserialize-based code execution, deprecated status ...

9.8 CVSS · 9.7 AI score · 0.01524 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/04/04 12:0 a.m. · 17 views

CVE-2020-29312

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...

9.8 AI score · 0.01524 EPSS
Exploits 0 · References 3
Exploit DB
added 2023/03/31 12:0 a.m. · 152 views

Spitfire CMS 1.0.475 - PHP Object Injection

Exploit Title: Spitfire CMS 1.0.475 - PHP Object Injection Exploit Author: LiquidWorm Vendor: Claus Muus Product web page: http://spitfire.clausmuus.de Affected version: 1.0.475 Summary: Spitfire is a system to manage the content of webpages. Desc: The application is prone to a PHP Object Injecti...

7.4 AI score
Exploits 0
OpenVAS
added 2023/03/08 12:0 a.m. · 37 views

Debian: Security Advisory (DLA-341-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 8.8 AI score · 0.46801 EPSS
Exploits 4 · References 2
F5 Networks
added 2023/02/27 7:43 p.m. · 31 views

K000132775: DOMPDF vulnerabilities CVE-2023-23924 and CVE-2023-24813

Security Advisory Description CVE-2023-23924 Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit...

10 CVSS · 9.2 AI score · 0.03572 EPSS
Exploits 3
F5 Networks
added 2023/02/21 7:52 p.m. · 203 views

K16021: PHP vulnerability CVE-2014-8142

Security Advisory Description Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages imprope...

7.5 CVSS · 8.1 AI score · 0.53166 EPSS
Exploits 8
F5 Networks
added 2023/02/21 7:49 p.m. · 45 views

K16486: PHP vulnerability CVE-2015-2787

Security Advisory Description Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of...

7.5 CVSS · 8.2 AI score · 0.11981 EPSS
Exploits 5
F5 Networks
added 2023/02/21 6:11 p.m. · 27 views

K12253: PHP vulnerability CVE-2010-2225

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.5 CVSS · 9.8 AI score · 0.05342 EPSS
Exploits 1
Prion
added 2023/02/21 9:15 a.m. · 9 views

Design/Logic Flaw

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...

7.5 CVSS · 9.3 AI score · 0.03317 EPSS
Exploits 1 · References 2 · Affected Software 1
SUSE CVE
added 2023/02/15 6:20 a.m. · 2 views

SUSE CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...

10 CVSS · 8 AI score · 0.07996 EPSS
Exploits 0 · References 7