81 matches found

Prion
added 2018/10/23 8:29 p.m., 10 views

Cross site request forgery (csrf)

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

CVSS 10, AI score 9.6, EPSS 0.8869
Exploits 2, References 3, Affected Software 2
GitLab Advisory Database
added 2018/10/23 12:00 a.m., 24 views

Improper Input Validation

Fastjson allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is mishandled in AjaxApplication.java...

CVSS 10, AI score 6.6, EPSS 0.8869
Exploits 2, References 1, Affected Software 1
CNVD
added 2018/09/14 12:00 a.m., 1 view

TP-Link TL-WR886N Denial of Service Vulnerability (CNVD-2019-07038)

The TP-Link TL-WR886N is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link TL-WR886N version 6.0 2.3.4 and 7.0 1.1.0. An attacker can exploit the vulnerability by sending a request with long JSON data to cause the router service to crash...

CVSS 6.5, AI score 6.5, EPSS 0.0052
Exploits 1, References 1
CNVD
added 2018/09/14 12:00 a.m., 1 view

TP-Link TL-WR886N Denial of Service Vulnerability (CNVD-2019-07041)

The TP-Link TL-WR886N is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link TL-WR886N version 6.0 2.3.4 and 7.0 1.1.0. An attacker can exploit the vulnerability by sending a request with long JSON data to cause the router service to crash...

CVSS 6.5, AI score 6.5, EPSS 0.0052
Exploits 1, References 1
CNVD
added 2018/09/14 12:00 a.m., 1 view

TP-Link TL-WR886N Denial of Service Vulnerability (CNVD-2019-07042)

The TP-Link TL-WR886N is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link TL-WR886N version 6.0 2.3.4 and 7.0 1.1.0. An attacker can exploit the vulnerability by sending a request with long JSON data to cause the router service to crash...

CVSS 6.5, AI score 6.5, EPSS 0.0052
Exploits 1, References 1
Veracode
added 2018/09/06 2:20 a.m., 6 views

Remote Code Execution Via JSON Deserialization

jodd-json is vulnerable to remote code execution via JSON deserialization. The JSON parser supports polymorphic deserialization when setClassMetadataName is set, which allows an attacker to execute arbitrary code using a crafted JSON request...

AI score 8.2
Exploits 0
IBM Security Bulletins
added 2018/06/16 2:19 p.m., 50 views

Security Bulletin: A vulnerability in Struts affects IBM InfoSphere Metadata Workbench

Summary: A Struts vulnerability affects IBM InfoSphere Metadata Workbench. Vulnerability Details: CVEID: CVE-2017-15707. DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted JSON request using outdated json-lib with the Struts REST plugin, a remote attacker...

CVSS 6.2, AI score 1.9, EPSS 0.01534
Exploits 2, Affected Software 1
Hacker One
added 2018/06/11 10:02 p.m., 37 views

Upserve : OLO Total price manipulation using negative quantities

Manipulating an order request JSON object, containing an additional item with a negative quantity, directly manipulates the total amount of the order. In the following JSON request, an order is submitted for 2 ChickenBurgers at $12 each, as well as -1 BreadPuddings at $9 each. The total price after tax...

AI score 2.3
Exploits 0
OSV
added 2018/03/13 3:29 p.m., 3 views

CVE-2018-1000083

Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path on the server. This attack appears to be exploitable by sending malformed JSON: the tool responds with a traceback error that leaks a path of the...

CVSS 5.3, AI score 5.7
Exploits 0, References 1
Prion
added 2018/03/13 3:29 p.m., 12 views

Input validation

Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path on the server. This attack appears to be exploitable by sending malformed JSON: the tool responds with a traceback error that leaks a path of the...

CVSS 5, AI score 5.3, EPSS 0.00264
Exploits 1, References 1, Affected Software 1
Cvelist
added 2018/03/13 3:00 p.m., 9 views

CVE-2018-1000083

Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path on the server. This attack appears to be exploitable by sending malformed JSON: the tool responds with a traceback error that leaks a path of the...

AI score 5.3, EPSS 0.00264
Exploits 1, References 1
OSV
added 2018/03/06 5:29 p.m., 17 views

CVE-2018-7722

The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request. CSRF exploitation, related to CVE-2017-10681, may be possible...

CVSS 5.4, AI score 8.3
Exploits 0, References 1
CNVD
added 2018/03/06 12:00 a.m., 2 views

Micro Focus NetIQ Privileged Account Manager Cross-Site Scripting Vulnerability

Micro Focus NetIQ Privileged Account Manager is a privileged user management solution from Micro Focus UK. The solution protects privileged account access to databases, applications and the cloud. A cross-site scripting vulnerability exists in versions prior to Micro Focus NetIQ Privileged Accoun...

CVSS 6.1, AI score 5.8, EPSS 0.00182
Exploits 0, References 1
Prion
added 2018/02/16 4:29 a.m., 13 views

Design/Logic Flaw

F-Secure Radar on-premises before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue...

CVSS 4.3, AI score 5.9, EPSS 0.00234
Exploits 1, References 2, Affected Software 1
NVD
added 2018/02/16 4:29 a.m., 9 views

CVE-2018-6189

F-Secure Radar on-premises before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue...

CVSS 6.1, AI score 6, EPSS 0.00234
Exploits 1, References 2
Prion
added 2018/01/19 10:29 p.m., 12 views

Authorization

An exploitable improper authorization vulnerability exists in the minerstart API of cpp-ethereum's JSON-RPC, commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause access to restricted functionality, resulting in an authorization bypass. An attacker can send JSON to trigger this...

CVSS 6.8, AI score 7.9, EPSS 0.00613
Exploits 2, References 2
Prion
added 2018/01/19 10:29 p.m., 11 views

Authorization

An exploitable improper authorization vulnerability exists in the adminaddPeer API of cpp-ethereum's JSON-RPC, commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause access to restricted functionality, resulting in an authorization bypass. An attacker can send JSON to trigger thi...

CVSS 6.8, AI score 7.9, EPSS 0.00283
Exploits 2, References 2
0day.today
added 2017/12/02 12:00 a.m., 38 views

Apache Struts2 S2-054 DoS Vulnerability

Exploit for multiple platforms in category dos / poc. Summary: A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin. Who should read this: All Struts 2 developers and users who are using the REST plugin. Impact of vulnerability: A DoS attack is possible when usi...

CVSS 5, AI score 6.6, EPSS 0.01534
Exploits 2
seebug.org
added 2017/12/01 12:00 a.m., 39 views

Apache Struts2 S2-054(CVE-2017-15707)

Summary: A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin. Who should read this: All Struts 2 developers and users who are using the REST plugin. Impact of vulnerability: A DoS attack is possible when using...

CVSS 5, AI score 2.1, EPSS 0.01534
Exploits 2
Saint
added 2017/11/29 12:00 a.m., 517 views

Unitrends Backup api/storage input validation vulnerability

Added: 11/29/2017. Background: Unitrends Backup is an enterprise backup, ransomware detection, and cloud continuity solution. Problem: Unitrends Backup does not properly validate the hostname parameter in a JSON request to the api/storage resource, allowing a remote attacker to bypass authentication...

AI score 1.1
Exploits 0