inoERP 4.15 - (download) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: inoERP 4.15 - 'download' SQL Injection Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
inoERP 4.15 SQL Injection
Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized as an array without any...
inoERP 4.15 - download SQL Injection
inoERP 4.15 - download SQL Injection Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
inoERP 4.15 - 'download' SQL Injection
Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized without any sanitization...
EulerOS 2.0 SP2 : php (EulerOS-SA-2019-1865)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds write flaw was found in the fpm_log_write logging function of PHP's FastCGI Process Manager service. A remote attacker could...
PHP 'unserialize()' Stack Buffer Overflow Vulnerability
Description PHP is prone to a remote stack-based buffer-overflow because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, code...
CVE-2016-10948
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function...
Code injection
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function...
CVE-2016-10948
CVE-2016-10948 concerns the WordPress Post Indexer plugin, affected when using versions before 3.0.6.2. The root cause is the plugin’s incorrect handling of data passed to the unserialize function, as stated in multiple sources. Public details in the provided documents are limited to this flaw; n...
Epignosis eFront LMS PHP deserialization code execution vulnerability
Summary A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested Versions Epignosis...
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...
PHP Laravel Framework Token Unserialize Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in...
PHP Laravel Framework token Unserialize Remote Command Execution
This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x <= 5.6.29. Remote Command...
Fedora Update for php-brumann-polyfill-unserialize FEDORA-2019-af7bef7165
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: php-brumann-polyfill-unserialize-1.0.3-1.fc29
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This was originally designed as a Proof of Concept for Symfony Issue 21090. You can use this package in projects that rely on PHP versions older than PHP 7.0. In case you are using PHP 7.0+ the original unserialize will b...
Fedora 29 : php-brumann-polyfill-unserialize / php-typo3-phar-stream-wrapper2 (2019-af7bef7165)
Two security updates have been released for PharStreamWrapper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 30 : php-brumann-polyfill-unserialize / php-typo3-phar-stream-wrapper2 (2019-a8121923d5)
Two security updates have been released for PharStreamWrapper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
WebERP 4.15 - SQL injection Exploit
Exploit for php platform in category web applications Exploit Title: Blind SQL injection in WebERP. Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unseriali...