1305 matches found
Exploit for Deserialization of Untrusted Data in Laravel
Laravel Remote Code Execution when APPKEY is leaked PoC CVE-...
Remote code execution
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
CVE-2018-15133 affects Laravel Framework up to 5.5.40 and 5.6.x up to 5.6.29. It enables remote code execution via a deserialization of untrusted data caused by an unserialize of a potentially untrusted X-XSRF-TOKEN value. The issue involves the decrypt method in Illuminate/Encryption/Encrypter.p...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
CVE-2018-15133
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
Laravel Framework Unserialize Token RCE (CVE-2018-15133)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in...
PT-2018-12889 · Laravel · Laravel Framework
Name of the Vulnerable Software and Affected Versions: Laravel Framework versions 5.5.0 through 5.5.40 Laravel Framework versions 5.6.0 through 5.6.29 Description: Remote code execution might occur due to an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This issue involves the...
SRC-2018-0032 : Vanilla Forums Gdn_Format unserialize Unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the unserialize function...
GHSA-Q4V7-4RHW-9HQM Code Execution through IIFE in node-serialize
Affected versions of node-serialize can be abused to execute arbitrary code via an immediately invoked function expression IIFE if untrusted user input is passed into unserialize. Recommendation There is no direct patch for this issue. The package author has reviewed this advisory, and provided t...
WordPress Redirection 2.7.1 Deserialization Code Execution
Details ================ Software: Redirection Version: 2.7.1 Homepage: https://wordpress.org/plugins/redirection/ Advisory report: https://advisories.dxw.com/advisories/unserialization-redirection/ CVE: Awaiting assignment CVSS: 9 High; AV:N/AC:L/Au:S/C:C/I:C/A:C Description ================...
php: Use After Free in unserialize()
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...
php: Out-of-bounds heap read on unserialize in finish_nested_data()
The objectcommon1 function in ext/standard/varunserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service buffer over-read and application crash via crafted serialized data that is mishandled in a finishnesteddata call...
php: Use of uninitialized memory in unserialize()
Zend/zendhash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service integer overflow, uninitialized memory access, and use of arbitrary destructor function...
DRUPAL-CONTRIB-2018-022
This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...
CVE-2018-10085
CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...
Code injection
CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...