Lucene search
469 matches found

OSV
added 2021/10/27 1:29 p.m. · 6 views

SUSE-SU-2021:3556-1 Security update for salt

This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996...

7.5 CVSS · 7.6 AI score · 0.03449 EPSS
Exploits 0 · References 3

OSV
added 2021/10/27 1:28 p.m. · 6 views

SUSE-SU-2021:3553-1 Security update for Salt

This update fixes the following issues: salt: - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code bsc1190265, CVE-2021-21996 - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories...

7.5 CVSS · 7.7 AI score · 0.03449 EPSS
Exploits 0 · References 3

WPVulnDB
added 2021/09/04 12:00 a.m. · 18 views

Media File Renamer - Auto & Manual Rename < 5.2.7 - Media Title/Filename/Locking State Update via CSRF

The plugin does not have CSRF checks in place, which could allow an attacker to make a logged-in admin change the title, filename and locking state of arbitrary uploaded media via a CSRF attack. Notes: - We were unable to reproduce the issue from an attacker point of view, the endpoints are expecting JSON...

5.4 CVSS · 4.3 AI score · 0.00423 EPSS
Exploits 1 · Affected Software 1

BDU FSTEC
added 2021/06/09 12:00 a.m. · 5 views

The vulnerability of the GJSON library in Aurora Application Software lies in insufficient validation of input data, which allows a perpetrator to trigger a service failure.

The vulnerability of the GJSON library used in Aurora software applications is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending a specially crafted request containing JSON data...

7.5 CVSS · 7.2 AI score · 0.01662 EPSS
Exploits 1 · References 3 · Affected Software 2

Positive Technologies
added 2021/06/02 12:00 a.m. · 7 views

PT-2021-4289 · Fastapi +1 · Fastapi +1

Name of the Vulnerable Software and Affected Versions: FastAPI versions prior to 0.65.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) attack in FastAPI, a web framework for building APIs with Python. In versions lower than 0.65.2, FastAPI would try to read the request...

8.8 CVSS · 7.9 AI score · 0.00804 EPSS
Exploits 0 · References 20

Check Point Advisories
added 2021/04/27 12:00 a.m. · 4 views

XStream Library Arbitrary File Deletion (CVE-2020-26259)

An arbitrary file deletion vulnerability exists in the XStream library. The vulnerability is due to improper validation of user input during unmarshalling of XML and JSON data...

6.4 CVSS · 4.2 AI score · 0.82806 EPSS
Exploits 5

OSV
added 2021/03/16 5:15 p.m. · 5 views

CVE-2020-28899

The Web CGI Script on ZyXEL LTE4506-M606 V1.00ABDO.2C0 devices does not require authentication, which allows remote unauthenticated attackers via crafted JSON action data to /cgi-bin/gui.cgi to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi...

9.1 CVSS · 5.8 AI score · 0.01632 EPSS
Exploits 0 · References 1

OSV
added 2021/02/12 6:15 p.m. · 3 views

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...

7.5 CVSS · 7.1 AI score · 0.00961 EPSS
Exploits 0 · References 1

OSV
added 2021/01/08 5:15 p.m. · 23 views

CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI...

9.8 CVSS · 7.6 AI score
Exploits 0 · References 3

Cvelist
added 2021/01/08 4:09 p.m. · 33 views

CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI...

9.8 AI score · 0.49938 EPSS
Exploits 1 · References 3

CNNVD
added 2021/01/04 12:00 a.m. · 4 views

Korzio Djv Command Injection Vulnerability

Korzio Djv is JavaScript-based software from the individual developer Korzio, used to dynamically validate JSON data formats. A command injection vulnerability exists in djv versions prior to 2.1.4, which stems from the web application's lack of proper validation of client-side data. An attack...

10 CVSS · 7.6 AI score · 0.02996 EPSS
Exploits 1 · References 4

RedhatCVE
added 2020/10/13 8:19 p.m. · 28 views

CVE-2019-1010083

A flaw was found in python-flask. Unexpected memory usage can occur through specially crafted encoded JSON data. The highest threat from this vulnerability is to system availability. Note, this may overlap CVE-2018-1000656...

7.5 CVSS · 1.9 AI score · 0.03855 EPSS
Exploits 1 · References 2

Veracode
added 2020/09/24 2:25 a.m. · 26 views

Cross-site Scripting (XSS)

gon is vulnerable to cross-site scripting (XSS) attacks. Lack of sanitization of malicious characters within the JSON data in jsondumper.rb allows a malicious user to inject and execute arbitrary JavaScript in a user's browser...

6.1 CVSS · 4.6 AI score · 0.01376 EPSS
Exploits 0 · References 3 · Affected Software 1

Exploit DB
added 2020/07/22 12:00 a.m. · 734 views

Sophos VPN Web Panel 2020 - Denial of Service (PoC)

Exploit Title: Sophos VPN Web Panel 2020 - Denial of Service PoC Date: 2020-06-17 Exploit Author: Berk KIRAS Vendor Homepage: https://www.sophos.com/ Version: 2020 Web Panel Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist Sophos VPN Web Portal Denial of Service Vulnerability System...

7.4 AI score
Exploits 0

NVD
added 2020/06/24 7:15 p.m. · 10 views

CVE-2020-13248

BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx...

5.4 CVSS · 0.00965 EPSS
Exploits 2 · References 2

CVE
added 2020/06/24 6:36 p.m. · 48 views

CVE-2020-13248

BooleBox Secure File Sharing Utility pre-4.2.3.0 suffers a stored XSS vulnerability (CVE-2020-13248) in the My Account avatar data sent to Account.aspx. A crafted avatar field can execute scripts in the affected session. Root cause: insufficient validation of the avatar JSON parameter. The CVE en...

5.4 CVSS · 5 AI score · 0.00965 EPSS
Exploits 2 · References 2 · Affected Software 1

OSV
added 2020/06/11 7:15 p.m. · 12 views

CVE-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests, e.g. by adding...

7.2 CVSS · 6.7 AI score
Exploits 0 · References 3

Prion
added 2020/06/11 7:15 p.m. · 18 views

Server side request forgery (SSRF)

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests, e.g. by adding...

6.5 CVSS · 6.8 AI score · 0.01318 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2020/06/11 6:50 p.m. · 11 views

CVE-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests, e.g. by adding...

6.9 AI score · 0.01318 EPSS
Exploits 1 · References 3

Positive Technologies
added 2020/06/11 12:00 a.m. · 4 views

PT-2020-13229 · Redash · Redash

Name of the Vulnerable Software and Affected Versions: Redash open-source versions 8.0.0 and prior Description: An authenticated Server-Side Request Forgery (SSRF) was discovered via the JSON data source. This issue provides flexibility in crafting HTTP requests, such as adding headers and selectin...

7.2 CVSS · 6.9 AI score · 0.01318 EPSS
Exploits 1 · References 7
