Lucene search
K

377 matches found

CNVD
CNVD
added 2015/09/27 12:0 a.m.7 views

IBM OpenPages GRC Platform Security Restriction Bypass Vulnerability

IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. The IBM OpenPages GRC Platform failed to perform adequate access checks on JSON requests, allowing a remote attacker to exploit a vulnerability to change user...

4CVSS6.8AI score0.01144EPSS
Exploits0References1
CNVD
CNVD
added 2015/09/10 12:0 a.m.4 views

Red Hat OpenShift Origin API Server Denial of Service Vulnerability

Red Hat OpenShift Origin is an open source Platform as a Service PaaS product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service crash of the master process with specially craft...

4CVSS6.8AI score0.01952EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/11 12:0 a.m.4 views

F5 BIG-IP Application Security Manager JSON Content Handling ASM Filter Bypass Vulnerability

F5 BIG-IP is the application switch. The F5 BIG-IP Application Security Manager ASM JSON parser fails to properly filter URL-encoded content, allowing remote attackers to exploit a vulnerability to bypass security filters...

7AI score
Exploits0References1
OSV
OSV
added 2014/03/21 1:4 a.m.7 views

UBUNTU-CVE-2013-6401

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted JSON document...

5CVSS5.8AI score0.01969EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/01/06 6:2 p.m.5 views

rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4CVSS7.2AI score0.02371EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2013/10/09 2:53 p.m.3 views

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service application crash or hang via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."...

7.8CVSS5.6AI score0.83018EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2013/02/13 5:51 p.m.43 views

Ruby on Rails Patches DoS, Remote Execution Flaws

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...

10CVSS3.3AI score0.13911EPSS
Exploits2References6
Prion
Prion
added 2010/11/17 4:0 p.m.16 views

Spoofing

Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation JSON without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving 1 admin/products.json, 2 admin/users.json, or 3...

5CVSS6.7AI score0.02534EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2008/03/13 2:44 p.m.3 views

DEBIAN-CVE-2008-1318

Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation JSON formatted results...

5CVSS6.5AI score0.01522EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/03/04 12:0 a.m.30 views

MediaWiki JSON Callback Crafted API Request Information Disclosure

The version of MediaWiki installed on the remote host is affected by an information disclosure vulnerability. A remote attacker can exploit this via the 'callback' parameter in an API call for JavaScript Object Notation JSON formatted results. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5CVSS5.5AI score0.01522EPSS
Exploits0References2
Prion
Prion
added 2007/04/30 11:19 p.m.17 views

Design/Logic Flaw

The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...

7.8CVSS6.7AI score0.01341EPSS
Exploits0References2
Prion
Prion
added 2007/04/30 11:19 p.m.18 views

Design/Logic Flaw

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

5CVSS7AI score0.01557EPSS
Exploits0References2
NVD
NVD
added 2007/04/30 11:19 p.m.25 views

CVE-2007-2382

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

5CVSS6.5AI score0.01557EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2007/04/30 11:0 p.m.53 views

CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

5CVSS6.2AI score0.02374EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2007/04/30 12:0 a.m.6 views

PT-2007-3710 · Getahead · Getahead Dwr

Name of the Vulnerable Software and Affected Versions: Getahead Direct Web Remoting DWR framework version 1.1.4 Description: The issue allows remote attackers to obtain data through a web page that retrieves the data using a URL in the SRC attribute of a SCRIPT element and captures the data using...

5CVSS6.2AI score0.01877EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2007/04/30 12:0 a.m.8 views

PT-2007-3711 · Google · Google Web Toolkit

Name of the Vulnerable Software and Affected Versions: Google Web Toolkit GWT affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This can be achieved...

5CVSS6.1AI score0.00734EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2007/04/30 12:0 a.m.8 views

PT-2007-3709 · Dojo Foundation · Dojo

Name of the Vulnerable Software and Affected Versions: Dojo framework affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This is achieved through a web...

5CVSS6.2AI score0.01557EPSS
Exploits0References3
Rows per page
Query Builder