465 matches found
CVE-2020-9463
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...
Cross site request forgery (csrf)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...
CVE-2020-9463
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...
CVE-2020-9463
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request. Recent assessments: kevthehermit at February 28, 2020 7:40pm UTC reported: Centreon is a...
CVE-2020-7980
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...
CVE-2020-7980
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...
Design/Logic Flaw
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...
EulerOS 2.0 SP3 : jansson (EulerOS-SA-2019-2597)
According to the version of the jansson package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JS...
DEBIAN-CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
Ffuf - Fast Web Fuzzer Written In Go
A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values Silent mode -s for clean output that's easy to use in pipes to other...
EulerOS 2.0 SP2 : jansson (EulerOS-SA-2019-2396)
According to the version of the jansson package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JS...
Security Advisory - Remote Code Execution Vulnerability in Fastjson
A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. Remote attackers can send crafted JSON data packets to exploit this vulnerability. Successfully exploit could allow the attacker to execute arbitrary code on the target Fastjson server. Vulnerability ID...
Mersive Solstice 2.8.0 Remote Code Execution
Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk Versions: 2.8.0 Tested On...
Exploit for CVE-2019-6715
cve-2019-6715 Shout out to TomNomNom for 99.9% of his cod...
Cross-site scripting in Swagger-UI
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Design/Logic Flaw
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service Recognition Update Client Service via an insecure communication channel Named Pipe. The data JSON sent via this channel is used to import data from...
CVE-2019-9745
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service Recognition Update Client Service via an insecure communication channel Named Pipe. The data JSON sent via this channel is used to import data from...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Design/Logic Flaw
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Code injection
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab e.g., exposure of his birthday or logs into his account i.e., exposure of credentials...