2 matches found
Deserialization of Untrusted Data
Overview codeception/codeception is a Full-stack testing PHP framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validatio...
PT-2015-3394 · Samba +5 · Samba +5
Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.1.22 Description: The issue is related to the LDAP server in the AD domain controller in Samba, where it fails to check return values for successful ASN.1 memory allocation. This allows remote attackers to cause a...