Date: Wed, 19 Feb 2014 22:20:05 +0000
From: Pedro Ribeiro <pedrib@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [CVE-2014-2027] PHP object insertion / arbitrary file deletion / possible RCE in egroupware <= 1.8.005

Hi

Egroupware <= 1.8.005 contains a PHP object insertion vulnerability via unsafe use of the unserialize() function. There are lots of classes with magic methods which appear to be exploitable, some of them possibly for remote code execution. The advisory linked below contains an example of an arbitrary file deletion.

The full report can be obtained from my repo in https://github.com/pedrib/PoC/raw/master/egroupware-1.8.005.txt

The changelog can be seen at http://www.egroupware.org/changelog and new versions can be obtained from http://www.egroupware.org/download

Regards
Pedro

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
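A constructed PHP illustration of the vulnerability class the advisory describes (added here; this is neither eGroupware code nor part of the original post): a class whose magic __destruct touches the filesystem, the unsafe unserialize() pattern, and two hardened alternatives. The class name, function names and temp file are hypothetical.

```php
<?php
// Constructed example: a class with a magic method that does a file operation.
// Any such class that is loaded in the process is reachable through unserialize().
class TempFileCleanup
{
    public $path;

    public function __construct(string $path)
    {
        $this->path = $path;
    }

    // Runs automatically when the object is destroyed, including objects
    // that unserialize() built from attacker-controlled input.
    public function __destruct()
    {
        if (is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// Vulnerable pattern: untrusted string handed straight to unserialize().
// The class and every property value come from the caller, not the application.
function restoreStateUnsafe(string $untrusted)
{
    return unserialize($untrusted);
}

// Hardened (PHP >= 7.0): refuse to instantiate any class. Class names in the
// input become __PHP_Incomplete_Class, whose magic methods never run.
function restoreStateSafe(string $untrusted)
{
    return unserialize($untrusted, ['allowed_classes' => false]);
}

// Preferred for plain data: a format that cannot express objects at all.
function restoreStateJson(string $untrusted): ?array
{
    $data = json_decode($untrusted, true);
    return is_array($data) ? $data : null;
}

// Demonstration: the serialized form of one object, standing in for request input.
$victim  = tempnam(sys_get_temp_dir(), 'demo');
$holder  = new TempFileCleanup($victim);   // kept referenced so it is not destroyed early
$payload = serialize($holder);

restoreStateSafe($payload);                // no object built, file left untouched
$survivedSafe = file_exists($victim);
restoreStateUnsafe($payload);              // object built, then destroyed: __destruct fires
$survivedUnsafe = file_exists($victim);
var_dump($survivedSafe, $survivedUnsafe);
```

Auditing for this class of bug means locating every unserialize() call whose input can be influenced by a client and either switching it to json_decode() or passing an explicit allowed_classes list.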