Spoofing

Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation JSON without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving 1 admin/products.json, 2 admin/users.json, or 3...

DEBIAN-CVE-2008-1318

Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation JSON formatted results...

MediaWiki JSON Callback Crafted API Request Information Disclosure

The version of MediaWiki installed on the remote host is affected by an information disclosure vulnerability. A remote attacker can exploit this via the 'callback' parameter in an API call for JavaScript Object Notation JSON formatted results. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Microsoft Internet Explorer substringData Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData method available ...

CVE-2007-2382

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

Design/Logic Flaw

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

Design/Logic Flaw

The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...

CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

PT-2007-3711 · Google · Google Web Toolkit

Name of the Vulnerable Software and Affected Versions: Google Web Toolkit GWT affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This can be achieved...

PT-2007-3709 · Dojo Foundation · Dojo

Name of the Vulnerable Software and Affected Versions: Dojo framework affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This is achieved through a web...

PT-2007-3710 · Getahead · Getahead Dwr

Name of the Vulnerable Software and Affected Versions: Getahead Direct Web Remoting DWR framework version 1.1.4 Description: The issue allows remote attackers to obtain data through a web page that retrieves the data using a URL in the SRC attribute of a SCRIPT element and captures the data using...