Lucene search
K

167 matches found

OSV
OSV
added 2021/02/16 4:15 p.m.6 views

CVE-2020-35566

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion...

5.3CVSS5.9AI score0.012EPSS
Exploits0References3
Prion
Prion
added 2021/02/16 4:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion...

5CVSS6.3AI score0.012EPSS
Exploits0References3Affected Software4
Cvelist
Cvelist
added 2021/02/16 3:40 p.m.19 views

CVE-2020-35566 Local file inclusion vulnerability in products of MB connect line and Helmholz

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion...

5.3CVSS5.3AI score0.012EPSS
Exploits0References3
Snyk
Snyk
added 2020/11/19 3:6 p.m.2 views

Directory Traversal

Overview github.com/TykTechnologies/tyk/gateway is a Tyk Gateway API Affected versions of this package are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The API...

5.3CVSS6.8AI score0.00525EPSS
Exploits1References2
NVD
NVD
added 2020/10/16 11:15 p.m.34 views

CVE-2020-17023

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS0.04243EPSS
Exploits0References1
Prion
Prion
added 2020/10/16 11:15 p.m.24 views

Remote code execution

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS7.9AI score0.04243EPSS
Exploits0References1
NVD
NVD
added 2020/09/11 5:15 p.m.41 views

CVE-2020-16881

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS0.05365EPSS
Exploits0References1
Prion
Prion
added 2020/09/11 5:15 p.m.36 views

Remote code execution

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS7.9AI score0.05365EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/08 12:0 a.m.47 views

Security Update for Microsoft Visual Studio Code (CVE-2020-16881)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.48.2. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file...

9.3CVSS8.6AI score0.05365EPSS
Exploits0References3
OSV
OSV
added 2020/09/03 6:14 p.m.8 views

GHSA-CR67-78JR-J94P Local File Inclusion in domokeeper

All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows attackers t...

6.9AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.5 views

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file as demonstrated by printbuf_memappend.

...

7.8CVSS7AI score0.01888EPSS
Exploits1
Kitploit
Kitploit
added 2020/07/11 1:0 p.m.37 views

ParamSpider - Mining Parameters From Dark Corners Of Web Archives

ParamSpider : Parameter miner for humans. Key Features : Finds parameters from web archives of the entered domain. Finds parameters from subdomains as well. Gives support to exclude urls with specific extensions. Saves the output result in a nice and clean manner. It mines the parameters from web...

7.3AI score
Exploits0References2
OSV
OSV
added 2020/05/28 11:33 a.m.5 views

USN-4360-4 json-c vulnerability

USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An...

7.8CVSS7AI score0.01888EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2020/05/28 11:33 a.m.109 views

USN-4360-4: json-c vulnerability

USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An...

7.8CVSS7.2AI score0.01888EPSS
Exploits1
CNVD
CNVD
added 2020/05/11 12:0 a.m.8 views

json-c integer overflow and out-of-bounds write vulnerability

json-c is a C implementation of JSON. An integer overflow and out-of-bounds write vulnerability exists in json-c 0.14 and earlier. An attacker can exploit this vulnerability to cause integer overflow and out-of-bounds writes via large JSON files...

7.8CVSS7.7AI score0.01888EPSS
Exploits1References1
OSV
OSV
added 2020/05/09 6:15 p.m.6 views

AZL-6506 CVE-2020-12762 affecting package json-c for versions less than 0.15-2

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend...

7.8CVSS6.9AI score0.01888EPSS
Exploits1References1
OSV
OSV
added 2020/05/09 6:15 p.m.3 views

UBUNTU-CVE-2020-12762

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend...

7.8CVSS6.8AI score0.01888EPSS
Exploits1References5
Kitploit
Kitploit
added 2019/11/30 11:30 a.m.205 views

Mordor - Re-play Adversarial Techniques

The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation JSON files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the Mitre ATT&CK...

7.2AI score
Exploits0References4
Veracode
Veracode
added 2019/07/05 6:0 a.m.9 views

Directory Traversal

domokeeper is susceptible to directory traversal. The attack is possible because of the use of the command require which dynamically read unintended arbitary json files and load non-production code on the server...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2019/05/22 9:35 p.m.127 views

Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

NOTE : Never upload payloads to online checkers Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on...

7.5AI score
Exploits0References2
Rows per page
Query Builder