466 matches found
Code injection
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab e.g., exposure of his birthday or logs into his account i.e., exposure of credentials...
CVE-2007-2383
The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
Sql injection
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
Hardcoded credentials
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2019-16099
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
CVE-2019-16099
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
Code injection
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI...
Cross site request forgery (csrf)
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
CVE-2019-16099
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
CVE-2019-16101
CVE-2019-16101 affects Silver Peak EdgeConnect SD-WAN prior to version 8.1.7.x. The issue allows remote attackers to trigger the REST API by sending malformed JSON (e.g., to rest/json/banners), potentially causing the system to leak sensitive stack traces. Impact is information disclosure via sta...
Debian DLA-1892-1 : flask security update
Flask, a micro web framework for Python contains a CWE-20: Improper Input Validation vulnerability that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. For Debian 8...
GHSA-5WV5-4VPF-PJ6M Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
The Pallets Project Flask before 1.0 is affected by unexpected memory usage. The impact is denial of service. The attack vector is crafted encoded JSON data. The fixed version is 1. NOTE this may overlap CVE-2018-1000656...
CVE-2019-1010083
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...