Source: Prion | added 2017/10/30 2:29 p.m. | 13 views

Remote code execution

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...

CVSS 6.5 | AI score 8.8 | EPSS 0.66632
Exploits: 6 | References: 6 | Affected software: 1
Source: OSV | added 2017/10/30 2:29 p.m. | 12 views

CVE-2017-7411

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...

CVSS 8.8 | AI score 7.3
Exploits: 0 | References: 6
Source: NVD | added 2017/10/30 2:29 p.m. | 18 views

CVE-2017-7411

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...

CVSS 8.8 | AI score 8.9 | EPSS 0.66632
Exploits: 6 | References: 6
Source: Cvelist | added 2017/10/30 2:00 p.m. | 23 views

CVE-2017-7411

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...

AI score 8.9 | EPSS 0.66632
Exploits: 6 | References: 6
Source: CVE | added 2017/10/30 2:00 p.m. | 64 views

CVE-2017-7411

Summary (CVE-2017-7411): Enalean Tuleap ≤ 9.6 is vulnerable due to User::getRecentElements() using unserialize() with data manipulable via the REST API, enabling injection of arbitrary PHP objects into the app scope and potential Remote Code Execution. Public material describes a second-order PHP...

CVSS 8.8 | AI score 8.8 | EPSS 0.66632
Exploits: 6 | References: 6 | Affected software: 1
Source: 0day.today | added 2017/10/30 12:00 a.m. | 34 views

WordPress Ultimate Product Catalog 4.2.24 Plugin - PHP Object Injection Exploit

Exploit for php platform in category web applications. Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection. Google Dork: NA. Date: Oct 30 2017. Exploit Author: tomplixsee. Author blog: cupuzone.wordpress.com. Vendor Homepage:...

Exploits: 0
Source: wpexploit | added 2017/10/01 12:00 a.m. | 14 views

MarketPress <= 3.2.6 - PHP Object Injection

The MarketPress plugin installs to a directory named wordpress-ecommerce; versions 3.2.6 and prior are vulnerable to a PHP Object Injection attack from the cart cookie value stored in connection with this plugin. Send an object to the site using the mpglobalcart cookie value and it will be...

AI score 1.4
Exploits: 0 | References: 2
Source: 0day.today | added 2017/09/25 12:00 a.m. | 81 views

Kaltura 13.1.0 Code Execution / Cross Site Scripting Vulnerabilities

Exploit for php platform in category web applications. Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting. Release Date: 2017/09/12. Author: Robin Verton. CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143. Application: Kaltura <= 13.1.0. Risk: Critical. Vendor Status:...

CVSS 7.5 | AI score 0.5 | EPSS 0.75497
Exploits: 14
Source: Hacker One | added 2017/08/18 1:24 p.m. | 48 views

Internet Bug Bounty: Heap Use After Free in unserialize()

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. This...

CVSS 5 | AI score 8.8 | EPSS 0.03634
Exploits: 0
Source: Hacker One | added 2017/08/18 1:22 p.m. | 64 views

Internet Bug Bounty: Out of Bounds Memory Read in unserialize()

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. This has been...

CVSS 7.5 | AI score 9.1 | EPSS 0.0694
Exploits: 0
Source: Hacker One | added 2017/08/18 1:20 p.m. | 57 views

Internet Bug Bounty: Heap Use After Free Read in unserialize()

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

CVSS 7.5 | AI score 9.1 | EPSS 0.0742
Exploits: 0
Source: UbuntuCve | added 2017/08/18 3:29 a.m. | 26 views

CVE-2017-12934

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

CVSS 7.5 | AI score 7.2 | EPSS 0.03634
Exploits: 0 | References: 2
Source: Veracode | added 2017/07/25 10:42 p.m. | 19 views

Remote Code Execution (RCE) Through Deserialization

Subrion CMS is vulnerable to remote code execution (RCE). A malicious user can execute arbitrary code by passing a string of a serialized object to the server through $_COOKIE['salt'] when submitting a login request. This causes the server to execute the unserialize function, which will result in...

CVSS 9.8 | AI score 9.7 | EPSS 0.02031
Exploits: 0 | References: 1 | Affected software: 1
Source: Hacker One | added 2017/07/04 11:09 p.m. | 20 views

Internet Bug Bounty: Use-after-free in PHP7's unserialize()

The bug submitted at: https://bugs.php.net/bug.php?id=74614 The fix committed at: https://github.com/php/php-src/commit/d02f953faf4afdd1576acb1380e4cd3c050ac599...

AI score 6.9
Exploits: 0
Source: Hacker One | added 2017/07/02 1:13 a.m. | 15 views

Automattic: Object Injection in Woocommerce / Handle PDT Responses from PayPal

At this moment prevention from object injection is in the following line of code: preg_match('/^a:2:/', $raw_custom) && ! preg_match('/[CO]:\+?[0-9]+:"/', $raw_custom) && $custom = maybe_unserialize($raw_custom) but the PHP native unserialize function supports little o as an option in it and it is a StdClass...

AI score 1.8
Exploits: 0
Source: Tenable Nessus | added 2017/05/12 12:00 a.m. | 79 views

F5 Networks BIG-IP : PHP vulnerability (K30363030)

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted...

CVSS 9.8 | AI score 7.8 | EPSS 0.15083
Exploits: 5 | References: 2
Source: Tenable Nessus | added 2017/05/02 12:00 a.m. | 59 views

EulerOS 2.0 SP1 : php (EulerOS-SA-2017-1067)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop)...

CVSS 9.8 | AI score 8.8 | EPSS 0.42401
Exploits: 14 | References: 15
Source: myhack58 | added 2017/04/12 12:00 a.m. | 94 views

Drupal 7.x Services Module SQLi & RCE vulnerability analysis and EXP - vulnerability warning - the black bar safety net

Drupal 7.x Services Module SQLi & RCE. During an audit of the Drupal Services module, an insecure call to the unserialize function was detected. Through this vulnerability, privilege escalation, SQL injection, and remote code execution are possible. 0x00 Services Module: in Drupal, the Services modu...

AI score 7.8
Exploits: 0
Source: seebug.org | added 2017/03/10 12:00 a.m. | 64 views

Drupal 7.x Services module unserialize() to RCE

Upon auditing Drupal's Services module, the Ambionics team came across an insecure use of unserialize. The exploitation of the vulnerability allowed for privilege escalation, SQL injection and, finally, remote code execution. Services module: Services is a "standardized solution for building API'...

AI score 8.8
Exploits: 0
Source: Hacker One | added 2017/03/04 10:29 p.m. | 13 views

Rockstar Games: Unserialize leading to arbitrary PHP function invoke

In this report, the researcher was able to demonstrate a method to run arbitrary PHP functions on www.rockstargames.com. Although we had previously disabled most harmful PHP functions, it was still possible to cause serious damage if this were to be exploited by a malicious party. To solve this...

AI score 7
Exploits: 0