465 matches found
CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
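Spring data rest remote code execution (cve-2017-8046)
Vulnerability description: Spring Data Rest has a high-severity RCE vulnerability when handling PATCH requests. Hand-crafted JSON data can be used to build a malicious PATCH request that is submitted to a spring-data-rest server, causing the server to run malicious Java code. The goal of the Spring Data Rest project is to provide a flexible, configurable mechanism for writing simple services that can be exposed over HTTP. Git address: https://github.com/spring-projects/spring-data-rest Vulnerability source: https://pivotal.io/security/cve-2017-8046 Affected versions: Spring...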
Node.js third-party modules: Prototype pollution attack (defaults-deep)
As discussed in 309391, here's the separate report for each of the libraries. This one is the information for the defaults-deep library. Module: https://www.npmjs.com/package/defaults-deep Summary: Utility functions in all the listed modules can be tricked into modifying the prototype of "Object"...
PT-2018-5359 · Ethereum · Cpp-Ethereum
Name of the Vulnerable Software and Affected Versions: cpp-ethereum (affected versions not specified) Description: An issue exists in the miner stop API endpoint of cpp-ethereum's JSON-RPC, where improper authorization can be exploited. An attacker can send JSON data to trigger this issue...
Code injection
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Information disclosure
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the...
CVE-2017-14943
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the...
CVE-2017-14943
CVE-2017-14943 affects Trapeze TransitMaster. The vulnerability permits information disclosure (emails and hashed passwords) through a modified userID field in JSON data sent to ManageSubscriber.aspx/GetSubscriber. The available sources describe the impact but do not specify affected versions, ex...
[SECURITY] Fedora 27 Update: python-jwt-1.5.3-1.fc27
A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects...
Arbitrary Code Execution
spring-data-rest servers are vulnerable to arbitrary code execution attacks. The attacks exist because it does not check the path before processing PATCH requests to the server, allowing the attackers to submit patch requests with malicious JSON data...
CVE-2017-14262
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter...
GSA Bounty: Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host
We endorse sp1d3rs's summary! The PR fixing this ticket is here: https://github.com/18F/federalist/pull/1157 Thanks to the 18F team for the great experience, fast fix, and the bounty! The report details I requested the limited disclosure due to a lot of sensitive info in the attachments and report...
Cross-site Scripting (XSS)
TYPO3 CMS is vulnerable to cross-site scripting (XSS) attacks. The library does not properly encode user input, allowing a malicious user to inject and execute arbitrary web script when storing JSON data...
CVE-2017-9785
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie...
Uniview NVR - Password Disclosure
Uniview NVR remote passwords disclosure Author: B1t The Uniview NVR web application does not enforce authorizations on the main.cgi file when requesting json data. It says that you can do anything without authentication, however you must know the request structure. In addition, the users' passwor...
Denial Of Service (DoS)
github.com/kubernetes/kubernetes is vulnerable to denial of service attacks. These attacks can be triggered by invalid JSON data. The invalid JSON data causes github.com/kubernetes/kubernetes to panic and cause a nil pointer dereference causing the master process to crash. This is related to...