Lucene search
K

78 matches found

AlmaLinux
AlmaLinux
added 2023/11/07 12:0 a.m.36 views

Moderate: libfastjson security update

The libfastjson library provides essential JavaScript Object Notation JSON handling functions. The library enables users to construct JSON objects in C, output them as JSON-formatted strings, and convert JSON-formatted strings back to the C representation of JSON objects. Security Fixes: json-c,...

7.8CVSS7.3AI score0.01888EPSS
Exploits1References4
Hacker One
Hacker One
added 2023/08/03 3:51 p.m.6 views

8x8 Bounty: Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution

The Jitsi VideoBridge failed to properly handle JSON messages with duplicate colibriClass keys, enabling clients to send messages interpreted differently by the bridge and resulting in unauthorized actions within video conferences. Jitsi Security Advisory has been published...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7AI score0.08245EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.4 views

SUSE CVE-2013-6417

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4CVSS6.9AI score0.02371EPSS
Exploits0References9
OSV
OSV
added 2023/02/03 9:15 p.m.6 views

AZL-74511 CVE-2022-45491 affecting package suitesparse 7.11.0-1

Buffer overflow vulnerability in function jsonparsevalue in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...

7.8CVSS6AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2022/11/04 11:15 p.m.4 views

CVE-2022-43565

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation JSON lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the...

8.8CVSS5.8AI score0.00595EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/04 12:0 a.m.4 views

PT-2022-26968 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 8.1.12 Description: The issue arises from how the tstats command handles Javascript Object Notation JSON, allowing an attacker to bypass SPL safeguards for risky...

8.8CVSS8.7AI score0.00595EPSS
Exploits0References5
Kitploit
Kitploit
added 2022/10/01 11:30 a.m.43 views

Deadfinder - Find Dead-Links (Broken Links)

Dead link broken link means a link within a web page that cannot be connected. These links can have a negative impact to SEO and Security. This tool makes it easy to identify and modify. Installation Install with Gem gem install deadfinder Docker Image docker pull ghcr.io/hahwul/deadfinder:latest...

7.6AI score
Exploits0References1
OSV
OSV
added 2019/01/24 4:29 a.m.3 views

CVE-2018-17701

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS6.1AI score0.03855EPSS
Exploits0References2
Prion
Prion
added 2019/01/24 4:29 a.m.19 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS8.8AI score0.03855EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17701

CVE-2018-17701 affects Foxit PhantomPDF (9.2.0.9297 and earlier per CNVD) on Windows. The flaw is an out-of-bounds/read past end in the JSON handling due to insufficient input validation, enabling arbitrary code execution in the context of the target process. Exploitation requires user interactio...

8.8CVSS8.8AI score0.03855EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/01/24 4:0 a.m.31 views

CVE-2018-17701

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8AI score0.03855EPSS
Exploits0References2
seebug.org
seebug.org
added 2017/10/20 12:0 a.m.80 views

ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability(CVE-2016-4303)

DESCRIPTION An exploitable remote code execution vulnerability exists in the JSON handling functionality of ESnet iPerf3. A specially crafted JSON string can lead to buffer overflow on the heap resulting in remote code execution. An attacker can send an unauthenticated packet to any reachable...

7.5CVSS10.1AI score0.06963EPSS
Exploits2
Hacker One
Hacker One
added 2017/03/01 10:55 p.m.45 views

Ruby: Arbitrary heap exposure in JSON.generate

Running this snippet can expose arbitrary memory: ruby require 'json' state = JSON.state.new state.space = "\0" 1024 puts JSON.generatea: :b, state "a": psych/handlers/recorder.rb tensi0 reeze Gem::Specification.new do |s| to objects of the same type as the original delegate...

7.5CVSS0.2AI score0.09445EPSS
Exploits1
n0where
n0where
added 2016/07/10 2:44 a.m.19 views

Detect Shared Passwords: shard

A command line tool to detect shared passwords List available modules: $ java -jar shard-1.0.jar -l Available modules: Facebook LinkedIn Reddit Twitter Instagram Given a username and password shard will attempt to authenticate with multiple sites: $ java -jar shard-1.0.jar -u -p - Tried credentia...

0.6AI score
Exploits0References1
OSV
OSV
added 2013/01/13 10:55 p.m.3 views

DEBIAN-CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7AI score0.08245EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2013/01/10 8:39 p.m.6 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.2AI score0.08245EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2012/06/18 12:0 a.m.34 views

Opera < 12 Multiple Vulnerabilities

The version of Opera installed on the remote host is prior to 12.00. It is, therefore, affected by multiple vulnerabilities : - An error exists that can allow the address bar to display incorrect locations due to certain combinations of navigation, reloads and redirects, which can aid in phishing...

9.3CVSS5.8AI score0.03782EPSS
Exploits0References11
Rows per page
Query Builder