
131 matches found

Prion
added 2018/10/01 11:29 p.m., 11 views

Format string

The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format...

CVSS 5, AI score 6.8, EPSS 0.0066
Exploits 1, References 3, Affected Software 1
CVE
added 2018/10/01 11:0 p.m., 49 views

CVE-2015-9269

The CVE-2015-9269 entry concerns the WordPress wordpress-mobile-pack plugin (before 2.1.3). The vulnerability arises in the export/article feature, where content from a privately published post is sent in JSON via exportarticle, enabling remote attackers to obtain sensitive information. Impact is...

CVSS 7.5, AI score 7.3, EPSS 0.0066
Exploits 1, References 3, Affected Software 1
Cvelist
added 2018/10/01 11:0 p.m., 10 views

CVE-2015-9269

The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format...

AI score 7.4, EPSS 0.0066
Exploits 1, References 3
Cvelist
added 2018/09/26 5:0 p.m., 10 views

CVE-2018-16672

An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information...

AI score 6.9, EPSS 0.01223
Exploits 5, References 2
Kitploit
added 2018/01/27 1:22 p.m., 20 views

SQLmap Tamper-API - SQLMap Tamper API To Accept Tamper Scripts From All Languages

It's an API for SQLmap tamper scripts allows you to use your favorite programming language to write your tamper scripts. This API solves SQLmap limitation of accepting only python to write tamper scripts. How it works taper-api.py script sends the payload and kwargs in a JSON format "payload": ""...

AI score 7.2
Exploits 0, References 1
Prion
added 2017/03/28 2:59 a.m., 18 views

Design/Logic Flaw

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

CVSS 4.3, AI score 6.5, EPSS 0.00494
Exploits 1, References 8, Affected Software 2
Kitploit
added 2017/03/09 2:40 p.m., 191 views

IntelMQ - A solution for IT security teams for collecting and processing security feeds using a message queuing protocol

IntelMQ is a solution for IT security teams CERTs, CSIRTs, abuse departments,... for collecting and processing security feeds such as log files using a message queuing protocol. It's a community driven initiative called IHAP Incident Handling Automation Project which was conceptually designed by...

AI score 7.5
Exploits 0, References 3
Kitploit
added 2017/01/13 2:34 p.m., 17 views

custom-bytecode-analyzer - Java bytecode analyzer customizable via JSON rules

Java bytecode analyzer customizable via JSON rules. It is a command-line tool that receives a path containing one or more Jar files, analyzes them using the provided rules and generates HTML reports with the results. Usage usage: java -jar cba-cli.jar OPTIONS -a DIRECTORYTOANALYZE -a,--analyze Pa...

AI score 7.1
Exploits 0, References 2
Veracode
added 2016/12/16 2:8 a.m., 13 views

Deserialization Of Pickled Message

Celery is vulnerable to deserialization attacks. The default configuration in Celery allows for the deserialization of pickled messages, even if it is configured to send messages in the JSON format. This is because the acceptcontent setting by default is set to: app.conf.acceptcontent = 'json',...

AI score 6.6
Exploits 0
Hacker One
added 2016/09/14 11:26 p.m., 51 views

Shopify: Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product

Hi , I have found a stored XSS issue in https://productreviews.shopifyapps.com Details: Going to https://productreviews.shopifyapps.com/proxy/v4/reviews/product?productid=8254331011&version=v4&shop=zh5403-attacker.myshopify.com&=cache&callback=test will show you the details of a product with the ...

AI score 5.9
Exploits 0
OwnCloud
added 2016/07/19 7:2 p.m., 491 views

Log pollution can potentially lead to local HTML injection - ownCloud

The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...

AI score 6.5
Exploits 0, Affected Software 1
OwnCloud
added 2016/07/19 2:0 p.m., 486 views

Server: Log pollution can potentially lead to local HTML injection

The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...

AI score 6.5
Exploits 0, Affected Software 1
Nextcloud
added 2016/07/19 12:0 a.m., 32 views

Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)

The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...

CVSS 4.3, AI score 0.6, EPSS 0.00494
Exploits 1, Affected Software 1
n0where
added 2016/07/05 1:51 a.m., 38 views

The Correlated Vulnerability And Threat Database: vFeed

vFeed Framework is a CVE, CWE and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema. It also improves the reliability of CVEs by providing a flexible and...

AI score 0.3
Exploits 0, References 2
Mozilla
added 2016/03/08 12:0 a.m., 41 views

Local file overwriting and potential privilege escalation through CSP reports — Mozilla

Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy CSP violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive,...

CVSS 8.8, AI score 0.5, EPSS 0.02706
Exploits 0, References 2, Affected Software 3
0day.today
added 2016/02/26 12:0 a.m., 45 views

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities

Exploit for multiple platform in category web applications Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer relationship...

AI score 7.1
Exploits 0
Exploit DB
added 2016/02/26 12:0 a.m., 55 views

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities

Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer relationship management CRM solution that provides a complete view of...

AI score 7.4
Exploits 0
exploitpack
added 2016/02/26 12:0 a.m., 44 views

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer...

AI score 0.4
Exploits 0
Packet Storm
added 2016/02/01 12:0 a.m., 31 views

OpenXchange User Enumeration

Hi@all, there is an information disclosure in OpenXchange prior 7.8. An authenticated user can enumerate all imap user folders. If you browse the PoC you get an permission denied error, but the folder’s name is reflected into the page in json format. About Open Xchange: Open-Xchange2 develops,...

AI score 7.4
Exploits 0
myhack58
added 2015/03/04 12:0 a.m., 39 views

PhpMoAdmin vulnerability analysis report-vulnerability warning-the black bar safety net

phpMoAdmin is a convenient online MongoDB management tool that can be used to create, delete and modify databases and indexes, view and data search tool that provides database startup time and memory statistics, support for JSON format data import and export the php application. Recently named...

AI score 0.1
Exploits 0