78 matches found
Moderate: libfastjson security update
The libfastjson library provides essential JavaScript Object Notation JSON handling functions. The library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert JSON-formatted strings back to the C representation of JSON objects. Security Fixes: json-c,...
8x8 Bounty: Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution
The Jitsi VideoBridge failed to properly handle JSON messages with duplicate colibriClass keys, enabling clients to send messages interpreted differently by the bridge and resulting in unauthorized actions within video conferences. Jitsi Security Advisory has been published...
SUSE CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
SUSE CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
AZL-74511 CVE-2022-45491 affecting package suitesparse 7.11.0-1
Buffer overflow vulnerability in function jsonparsevalue in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
CVE-2022-43565
In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation JSON lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the...
PT-2022-26968 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 8.1.12 Description: The issue arises from how the tstats command handles Javascript Object Notation JSON, allowing an attacker to bypass SPL safeguards for risky...
Deadfinder - Find Dead-Links (Broken Links)
Dead link broken link means a link within a web page that cannot be connected. These links can have a negative impact to SEO and Security. This tool makes it easy to identify and modify. Installation Install with Gem gem install deadfinder Docker Image docker pull ghcr.io/hahwul/deadfinder:latest...
CVE-2018-17701
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-17701
CVE-2018-17701 affects Foxit PhantomPDF (9.2.0.9297 and earlier per CNVD) on Windows. The flaw is an out-of-bounds/read past end in the JSON handling due to insufficient input validation, enabling arbitrary code execution in the context of the target process. Exploitation requires user interactio...
CVE-2018-17701
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability(CVE-2016-4303)
DESCRIPTION An exploitable remote code execution vulnerability exists in the JSON handling functionality of ESnet iPerf3. A specially crafted JSON string can lead to buffer overflow on the heap resulting in remote code execution. An attacker can send an unauthenticated packet to any reachable...
Ruby: Arbitrary heap exposure in JSON.generate
Running this snippet can expose arbitrary memory: ruby require 'json' state = JSON.state.new state.space = "\0" 1024 puts JSON.generatea: :b, state "a": psych/handlers/recorder.rb tensi0 reeze Gem::Specification.new do |s| to objects of the same type as the original delegate...
Detect Shared Passwords: shard
A command line tool to detect shared passwords List available modules: $ java -jar shard-1.0.jar -l Available modules: Facebook LinkedIn Reddit Twitter Instagram Given a username and password shard will attempt to authenticate with multiple sites: $ java -jar shard-1.0.jar -u -p - Tried credentia...
DEBIAN-CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
Opera < 12 Multiple Vulnerabilities
The version of Opera installed on the remote host is prior to 12.00. It is, therefore, affected by multiple vulnerabilities : - An error exists that can allow the address bar to display incorrect locations due to certain combinations of navigation, reloads and redirects, which can aid in phishing...