298 matches found
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
CVE-2017-12635
CVE-2017-12635 affects Apache CouchDB versions before 1.7.0 and 2.x before 2.1.1, where differences between the Erlang JSON parser and the JavaScript JSON parser allow a user document to contain duplicate roles keys. The second roles key governs authorization for writing the user, while the first...
Debian DLA-1167-1 : ruby-yajl security update
A vulnerability was found in ruby-yajl, an interface to Yajl, a JSON stream-based parser library. When a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This may result in a denial of service...
Syntribos: An Open Source API Security Testing Tool
PenTestIT RSS Feed Web application security testing is a multi-faceted and yet important domains today. A few years ago, it was only the front end security tests and then came the backend. As newer endpoints are being exposed, it becomes imperative to test their security too. Syntribos is one suc...
FreeSWITCH < 1.4.26 / 1.6.x < 1.6.5 JSON Parser RCE
The remote FreeSWITCH server is prior to version 1.4.26 or 1.6.x prior to 1.6.5. It is, therefore, affected by a remote code execution vulnerability due to improper validation of user-supplied input to the parsestring function in esljson.c, switchjson.c, and ksjson.c. A remote attacker can exploi...
CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23
Advisory Information Title: Heap overflow in freeswitch json parser 1.6.2 & 1.4.23 Submitter: Marcello Duarte [email protected] Product: freeswitch Product URL: http://freeswitch.org Affected Versions: freeswitch 1.6.2 & 1.4.23 Fixed Versions: 1.6.2 , 1.4.23 Link to source code diff:...
freeswitch Heap Overflow Vulnerability
The JSON parser in freeswitch versions prior to 1.6.2 and 1.4.23 suffer from a heap overflow vulnerability. 1. Advisory Information Title: Heap overflow in freeswitch json parser 1.6.2 & 1.4.23 Submitter: Marcello Duarte email protected Product: freeswitch Product URL: http://freeswitch.org...
CVE-2014-3188
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in...
ModSecurity v2.8.0 - Open Source Web Application Firewall
ModSecurity ™is an open source, free web application firewall WAF Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. Changelog v2.8.0 Bug fix Build issue: Now using autotools to...
Ruby on Rails 'convert_json_to_yaml()'方法安全漏洞
BUGTRAQ ID: 57575 CVECAN ID: CVE-2013-0333 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.0.20、2.3.16之前版本在解码YAML输入时,JSON Parser的"convertjsontoyaml"方法内存在输入验证错误,可允许执行任意代码。 0 Ruby on Rails 3.x Ruby on Rails 2.x 厂商补丁: Ruby on Rails -------------...
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
Overview The Ruby on Rails 3.0 and 2.3 JSON parser contain a vulnerability that may result in arbitrary code execution. Description The Ruby on Rails advisory states:There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitra...
SuSE 11 Security Update : PHP5 (SAT Patch Number 1015)
This update fixes the JSON parser CVE-2009-1271 and the zip packer code CVE-2009-1272 in php5. Both bugs can lead to a remote denial of service attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 6311)
This update fixes the JSON parser CVE-2009-1271 and the zip packer code CVE-2009-1272 in php5. Both bugs can lead to a remote denial of service attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
No title provided
The JSONparser function ext/json/JSONparser.c in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service segmentation fault via a malformed string to the jsondecode API function...
EUVD-2009-1270
The JSONparser function ext/json/JSONparser.c in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service segmentation fault via a malformed string to the jsondecode API function...