465 matches found

Tenable Nessus, added 2014/03/25 12:00 a.m., 20 views

Fedora 20 : jansson-2.6-1.fc20 (2014-3778)

Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an...

CVSS 5 | AI score 5.5 | EPSS 0.00341
Exploits 0 | References 4
Prion, added 2013/10/09 2:53 p.m., 17 views

Spoofing

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."...

CVSS 7.8 | AI score 7 | EPSS 0.78404
Exploits 0 | References 3 | Affected Software 1
OpenVAS, added 2013/10/09 12:00 a.m., 41 views

Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)

This host is missing a critical security update according to Microsoft Bulletin MS13-082. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 5 | EPSS 0.78404
Exploits 0 | References 5
NVD, added 2013/09/05 11:44 a.m., 17 views

CVE-2013-1646

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to...

CVSS 4.3 | AI score 5.6 | EPSS 0.00878
Exploits 5 | References 1
Cvelist, added 2013/09/05 10:00 a.m., 17 views

CVE-2013-1646

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to...

AI score 5.6 | EPSS 0.00878
Exploits 5 | References 1
seebug.org, added 2013/06/12 12:00 a.m., 19 views

EcShop lets a logged-in user post product reviews while impersonating any other user, which can be used to manipulate a store's reviews

Brief description: A logged-in user can post reviews on any product while impersonating any other registered user, which can be used to manipulate public opinion about the store. Details: The vulnerable code is at line 287 of comment.php: $username = empty($cmt->username) ? $_SESSION['username'] : trim($cmt->username); $cmt is a JSON data structure, assigned at line 37 of comment.php: $cmt = $json->decode($_REQUEST['cmt']); As can be seen, as long as the user submits JSON containing "username":"any user account", they can post a review of the specified product as any user! Proof of vulnerability:...

AI score 7.1
Exploits 0
OpenVAS, added 2013/05/15 12:00 a.m., 44 views

Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)

This host is missing a critical security update according to Microsoft Bulletin MS13-037. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 8.8 | EPSS 0.92407
Exploits 21 | References 15
OpenVAS, added 2013/05/15 12:00 a.m., 48 views

Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)

This host is missing a critical security update according to Microsoft Bulletin MS13-037. OpenVAS Vulnerability Test $Id: secpod_ms13-037.nasl 6086 2017-05-09 09:03:30Z teissa $ Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530) Authors: Thanga Prakash S Copyright: Copyrig...

CVSS 9.3 | AI score 0.1 | EPSS 0.92407
Exploits 21 | References 2
myhack58, added 2013/01/10 12:00 a.m., 17 views

Ruby on Rails XML parameter injection vulnerability (CVE-2013-0156) analysis - vulnerability warning - the black bar safety net

Author: wofeiwo80sec.com. Note that this article is basically a translation of the English-language article; since my level is limited, if you see something you don't quite understand, I suggest going to the original. Recently the RoR vulnerability broke out; just yesterday, early in the morning, the RoR official website released a...

AI score 0.2
Exploits 0
NVD, added 2012/07/26 10:55 p.m., 12 views

CVE-2012-3888

The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data...

CVSS 5 | AI score 6.6 | EPSS 0.00167
Exploits 1 | References 2
Prion, added 2012/07/26 10:55 p.m., 16 views

Design/Logic Flaw

The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data...

CVSS 5 | AI score 7.2 | EPSS 0.00167
Exploits 1 | References 2 | Affected Software 1
Cvelist, added 2012/07/26 10:00 p.m., 18 views

CVE-2012-3888

The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data...

AI score 6.6 | EPSS 0.00167
Exploits 1 | References 2
CVE, added 2012/07/26 10:00 p.m., 43 views

CVE-2012-3888

The CVE-2012-3888 entry corresponds to AirDroid 1.0.4 beta, where the login implementation allows remote bypass of the multiple-login protection by modifying a pass value in JSON data. Exploitation details are not provided beyond this manipulation vector; in-the-wild status is not stated. Publicl...

CVSS 5 | AI score 6.8 | EPSS 0.00167
Exploits 1 | References 2 | Affected Software 1
Tenable Nessus, added 2011/07/19 12:00 a.m., 30 views

RHEL 6 : system-config-firewall (RHSA-2011:0953)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0953 advisory. system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module...

CVSS 7.8 | AI score 7.8 | EPSS 0.00099
Exploits 0 | References 5
OSV, added 2011/06/22 9:55 p.m., 5 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

AI score 6.5
Exploits 0 | References 3
UbuntuCve, added 2011/06/22 9:55 p.m., 15 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

CVSS 5 | AI score 5.9 | EPSS 0.00535
Exploits 0 | References 1
Prion, added 2011/06/22 9:55 p.m., 12 views

Design/Logic Flaw

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

CVSS 5 | AI score 7.1 | EPSS 0.00535
Exploits 0 | References 3 | Affected Software 1
Cvelist, added 2011/06/22 9:00 p.m., 13 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

AI score 6.6 | EPSS 0.00535
Exploits 0 | References 3
Debian CVE, added 2011/06/22 9:00 p.m., 17 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

CVSS 5 | AI score 6.2 | EPSS 0.00535
Exploits 0
Tenable Nessus, added 2010/10/26 12:00 a.m., 38 views

HTTP Origin Response Header Usage

The remote web server sets an Origin response header in some responses. Origin has been proposed as a way to mitigate cross-site request forgery and JSON data theft. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include("deprecated_nasl_level.inc"); include("compat.inc"); if (description)...

AI score 5.2
Exploits 0 | References 3