465 matches found
CVE-2011-5298
Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in streamfilterrule JSON da...
ManageEngine Desktop Central MSP Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NativeAppServlet servlet. The issue lies in the failure to saniti...
Design/Logic Flaw
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
CVE-2014-1583
CVE-2014-1583 affects Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2; the Alarm API’s toJSON calls were not properly restricted, allowing remote attackers to bypass the Same Origin Policy by crafting API calls to access sensitive information in an alarm’s JSON data. Impact is cross-...
CVE-2014-1583
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
CVE-2014-1583
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm...
Amazon Linux AMI : json-c (ALAS-2014-416)
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified...
CVE-2014-3188
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in...
CVE-2014-3188
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in...
CVE-2014-3188
CVE-2014-3188 affects Google Chrome (and Chrome OS) prior to 38.0.2125.101. The flaw arises from the interaction of IPC and V8, specifically an improper parsing of an escaped index in json-parser.h (ParseJsonObject), enabling remote code execution via crafted JSON data. Affected: Chrome <38.0....
CVE-2014-3188
Removed by vendor...
CVE-2014-3188
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in...
Medium: json-c
Issue Overview: The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service...
The ElasticSearch exploit toolkit - vulnerability warning - the black bar safety net
ElasticSearch is an open source, distributed, RESTful search engine built on Lucene. Designed for cloud computing, it offers real-time search and is stable, reliable, fast, and easy to install and use. It supports indexing JSON data over HTTP. Please do not use for illegal...
json-c: hash collision DoS
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions...
CVE-2013-6371
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions...
CVE-2013-6371
CVE-2013-6371 affects json-c prior to 0.12. The issue is a hash collision denial-of-service in the JSON-C hash function used during string parsing, allowing an attacker to cause high CPU/DoS with crafted JSON data. Public advisories (Red Hat RHSA-2014:0703, Oracle/OpenSUSE/NASL/Mandriva entries,...