Lucene search
K

109 matches found

Packet Storm
Packet Storm
added 2020/10/02 12:0 a.m.310 views

MailDepot 2032 SP2 (2.2.1242) Authorization Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Improper Authorization CWE-285 Risk Level: High Solution Status: Fixed Manufacturer...

0.1AI score0.01707EPSS
Exploits2
Fedora
Fedora
added 2020/05/26 3:18 a.m.37 views

[SECURITY] Fedora 30 Update: json-c-0.13.1-12.fc30

JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects. It aims to conform to RFC 7159...

7.8CVSS7.8AI score0.01888EPSS
Exploits1
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2019/10/16 5:10 p.m.60 views

Security testing guide for JSON / REST APIs #1/3

Fuzzing is everything ; It’s the most useful and resultative hacking technique for sure. At the same time, fuzzing is not just random hitting applications or binaries with some random bytes. It’s more about ideas, a deep understanding of data formats and application flows, technology stacks, and ...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2019/10/03 12:0 a.m.69 views

AnchorCMS 0.12.3a - Information Disclosure

AnchorCMS 0.12.3a - Information Disclosure Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...

5CVSS9.4AI score0.72272EPSS
Exploits4
Hacker One
Hacker One
added 2019/01/14 5:15 a.m.64 views

Tron Foundation: DOS attack by consuming all CPU and using all available memory

Summary: A single request to submit a post to /wallet/deploycontract with several megabytes of bytecode along with CPU intensive long parsing will consume CPU for about 10 minutes while still holding several megabytes of bytecode in heap. With enough requests lets say 1K-10K depending upon...

7.1AI score
Exploits0
Veracode
Veracode
added 2018/11/01 5:34 a.m.25 views

Denial Of Service (DoS)

spray-json is vulnerable to denial of service. An attacker is able to create an object with colliding keys to cause high resource consumption when HashMap creates a map, resulting in a denial of service condition when parsing multiple JSON object fields with the same hash code...

7.5CVSS7.1AI score0.01897EPSS
Exploits1References2Affected Software11
OSV
OSV
added 2018/10/31 5:29 a.m.22 views

CVE-2018-18854

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of many JSON object fields with keys that have the same hash code...

7.5CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2018/06/04 7:29 p.m.14 views

Code injection

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...

4.3CVSS5.6AI score0.00928EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2018/06/04 7:29 p.m.17 views

CVE-2017-16007

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...

5.9CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2018/01/19 11:29 p.m.17 views

CVE-2017-14460

An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...

7.5CVSS7.4AI score0.01183EPSS
Exploits1References1
Prion
Prion
added 2018/01/19 11:29 p.m.15 views

Design/Logic Flaw

An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...

5.1CVSS7.4AI score0.01183EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2018/01/09 12:0 a.m.106 views

Parity Ethereum Client Overly Permissive Cross-domain Whitelist JSON-RPC vulnerability

Summary An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit malicious website to trigger this...

7.5CVSS7.5AI score0.01183EPSS
Exploits1
NVD
NVD
added 2017/03/30 6:59 p.m.15 views

CVE-2017-7253

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the fir...

9CVSS8.7AI score0.02296EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/03/30 6:0 p.m.21 views

CVE-2017-7253

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the fir...

9.1AI score0.02296EPSS
Exploits1References2
Veracode
Veracode
added 2017/02/24 8:3 a.m.11 views

Cross-site Scripting (XSS)

react is vulnerable to cross-site scripting XSS attacks. It does not properly validate input objects, allowing a malicious user to pass a JSON object and render it as an element...

5.7AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/12 12:0 a.m.109 views

Ansible 2.1.4 / 2.2.1 Command Execution

Computest security advisory CT-2017-0109 Summary: Command execution on Ansible controller from host Affected software: Ansible CVE: CVE-2016-9587 Reference URL: https://www.computest.nl/advisories/ CT-2017-0109Ansible.txt Affected versions: 2.1.4, 2.2.1 Credit: Undisclosed at Computest...

0.3AI score0.1765EPSS
Exploits5
Prion
Prion
added 2015/12/17 7:59 p.m.21 views

Command injection

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner WVS before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan...

7.2CVSS7AI score0.01102EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2015/12/17 7:59 p.m.28 views

CVE-2015-4027

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner WVS before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan...

7.2CVSS6.4AI score0.01102EPSS
Exploits5References3
NVD
NVD
added 2015/01/16 3:59 p.m.23 views

CVE-2015-1058

Multiple cross-site scripting XSS vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 dataCategorytitle parameter to admin/categories/add, 2 dataFieldtitle parameter to admin/fields/ajaxfields/, 3 name property in a basicInfo JSON object to...

4.3CVSS5.8AI score0.04266EPSS
Exploits2References9
Prion
Prion
added 2015/01/16 3:59 p.m.23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 dataCategorytitle parameter to admin/categories/add, 2 dataFieldtitle parameter to admin/fields/ajaxfields/, 3 name property in a basicInfo JSON object to...

4.3CVSS6AI score0.04266EPSS
Exploits2References9Affected Software1
Rows per page
Query Builder