377 matches found
IBM OpenPages GRC Platform Security Restriction Bypass Vulnerability
IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform failed to perform adequate access checks on JSON requests, allowing a remote attacker to exploit a vulnerability to change user...
Red Hat OpenShift Origin API Server Denial of Service Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...
F5 BIG-IP Application Security Manager JSON Content Handling ASM Filter Bypass Vulnerability
F5 BIG-IP is the application switch. The F5 BIG-IP Application Security Manager ASM JSON parser fails to properly filter URL-encoded content, allowing remote attackers to exploit a vulnerability to bypass security filters...
UBUNTU-CVE-2013-6401
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted JSON document...
rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
CVE-2013-3861
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service application crash or hang via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."...
Ruby on Rails Patches DoS, Remote Execution Flaws
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...
Spoofing
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation JSON without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving 1 admin/products.json, 2 admin/users.json, or 3...
DEBIAN-CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation JSON formatted results...
MediaWiki JSON Callback Crafted API Request Information Disclosure
The version of MediaWiki installed on the remote host is affected by an information disclosure vulnerability. A remote attacker can exploit this via the 'callback' parameter in an API call for JavaScript Object Notation JSON formatted results. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Design/Logic Flaw
The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...
Design/Logic Flaw
The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2382
The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2383
The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
PT-2007-3710 · Getahead · Getahead Dwr
Name of the Vulnerable Software and Affected Versions: Getahead Direct Web Remoting DWR framework version 1.1.4 Description: The issue allows remote attackers to obtain data through a web page that retrieves the data using a URL in the SRC attribute of a SCRIPT element and captures the data using...
PT-2007-3711 · Google · Google Web Toolkit
Name of the Vulnerable Software and Affected Versions: Google Web Toolkit GWT affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This can be achieved...
PT-2007-3709 · Dojo Foundation · Dojo
Name of the Vulnerable Software and Affected Versions: Dojo framework affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This is achieved through a web...