Skip to main content

Your Wordpress site could be at risk

Using Wordpress for your website? Your site could be at risk.


The risk of unserializing attacker-controlled data in PHP has been well known since Stefan Essar first presented the issue in detail in 2009[1]. This topic is closely associated with similar vulnerabilities in other languages (see CWE-502[2] and CWE-915[3]). Recent years have also seen several vulnerabilities in the native code implementing unserialization (CVE-2017-12934, CVE-2017-12933, CVE-2017- 12932 et al.) further demonstrating the risk of exposing unserialization to attacker-controlled data. 

This paper will present a novel attack technique specific to PHP which can cause unserialization to occur in a variety of exploitation scenarios. The technique can be used when an XXE vulnerability occurs, as well as such circumstance that would typically be considered an SSRF vulnerability and in a number of other scenarios where the vulnerability would previously have been considered an information disclosure issue.



Popular posts from this blog

Download our Free Satellite List, August 1, 2024

Ivy Stone Place Home of the FREE Worldwide Satellite List Free Satellite Lists Download the list now SMART MINI UPS Power Outage What do you do when the power goes out? Your internet drops out and you're left without access to the outside world. This is where our Uninterruptible Power Supply (UPS) comes in providing you with power.   More information Distributorships Available Contact us Want some free stuff? Check out our FREE STUFF page! FREE HARDWARE AND SOFTWARE Check it out Feel free to download our Satellite / Transponder list, now in EPUB as well as PDF. EPUB greatly reduces the size of the file. This is a reference list (not to be loaded into any meter), download to your PC, laptop, smartphone, etc and carry this reference list with you. This list contains: C-band Ku-band Ka-band -  as a reminder, most meters, receivers, and LNBs in use will not do Ka band. Active and inactive transponders   Sat / TP List Details August 1, 2024 Satellites:  236 Transponders:  6096 DVB-S2: 
Read more

NEW Sathero SH-820HD does H.265

Sathero Meters just released the SH-820HD   Sathero Meters is the long known manufacture of the most advanced and cost effective meters on the market today. Sathero Meters continues to lead the market by introducing their latest high end hand held meter. The SH-820HD is the newest and most advanced meter in the Sathero Meters line of technically advanced meters. The SH-820HD may well be the first of it's kind offering features only found in instruments of much higher cost.  What is the difference between the exitisting SH-810HD and the new SH-820HD ? The main difference and defining feature is the SH-820HD ability to support H.265.   If you don't already know, H.265 is the successor to H.264, which is particularly important for video in 4K and higher resolutions.  Get more information on video compression here. SH-810HD supports H.264 SH-820HD supports H.264 plus H.265  So if you are in the market for a new meter, consider the SH-820HD to avoid the regret of buying a
Read more

July 1, 2024 Satellite List

Ivy Stone Place Home of the FREE Worldwide Satellite List Free Satellite Lists Download the list now Due to some generous donations we will be sending emails once again. Thank you to those who donated. Unfortunately, We were able to only load the full list which may have included some email addresses that were unsubscribed. If you get a email from us that you do not want, please unsubscribe and you will not receive future emails. Please accept our sincerest apologies for this. Sign-up for our Newsletter Hopefully we will be able to continue the lists. Help us out if you can. Please donate if possible. Want some free stuff? Check out our FREE STUFF page! FREE HARDWARE AND SOFTWARE Check it out News and Updates Mailing lists are back! Thank you for donating! We provide a monthly Satellite List that includes the satellite name, location, transponder frequency, symbol rate, polarity, and if the channel is DVB-S2 or DVB-S. Join our mailing list Get unlimited data, talk, text, and hotspot fo
Read more