CVE Vulnerability

CWE-915

CVE-2008-7310

February 26, 2023

Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a “mass assignment” vulnerability.

CVE-2008-1013

February 26, 2023

Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.

CVE-2007-5741

February 26, 2023

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

CVE-2019-9057

February 26, 2023

An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE