323 matches found
LibSass 'json_mkstream()' function heap buffer overflow vulnerability
LibSass is an open source written in C using Sass CSS extension language parser . A heap buffer overflow vulnerability exists in the 'jsonmkstream' function of the sasscontext.cpp file in LibSass version 3.4.5. A remote attacker can exploit this vulnerability to cause a denial of service heap...
DEBIAN-CVE-2016-6317
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
ESnet iPerf3 Heap Buffer Overflow Vulnerability
ESnet iPerf3 is a set of tools for testing maximum bandwidth in IP networks. A heap buffer overflow vulnerability exists in the JSON handling feature of Esnet iperf version 3.1.1. A remote attacker can exploit this vulnerability to cause a heap buffer overflow with a specially crafted JSON string...
CVE-2016-4425
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...
Jansson Denial of Service Vulnerability
Jansson is a C language library for encoding, decoding and generating JSON data . Jansson processing special json file has a security vulnerability , allowing remote attackers can build special json file for denial of service attacks...
PostgreSQL json or jsonb Data Denial of Service Vulnerability
PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. A security vulnerability exists in PostgreSQL that can be exploited by remote attackers to submit special json or jsonb data to crash the target service...
IBM OpenPages GRC Platform Security Restriction Bypass Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform failed to perform adequate access checks on JSON requests, allowing a remote attacker to exploit a vulnerability to change user...
Red Hat OpenShift Origin API Server Denial of Service Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...
F5 BIG-IP Application Security Manager JSON Content Handling ASM Filter Bypass Vulnerability
F5 BIG-IP is the application switch. The F5 BIG-IP Application Security Manager ASM JSON parser fails to properly filter URL-encoded content, allowing remote attackers to exploit a vulnerability to bypass security filters...
UBUNTU-CVE-2013-6401
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted JSON document...
rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
CVE-2013-3861
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service application crash or hang via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."...
Ruby on Rails Patches DoS, Remote Execution Flaws
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...
Spoofing
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation JSON without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving 1 admin/products.json, 2 admin/users.json, or 3...
DEBIAN-CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation JSON formatted results...
MediaWiki JSON Callback Crafted API Request Information Disclosure
The version of MediaWiki installed on the remote host is affected by an information disclosure vulnerability. A remote attacker can exploit this via the 'callback' parameter in an API call for JavaScript Object Notation JSON formatted results. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2007-2382
The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
Design/Logic Flaw
The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
Design/Logic Flaw
The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...
CVE-2007-2383
The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...