469 matches found
CVE-2018-21234
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set...
CVE-2018-21234
Jodd before 5.0.4 is affected by CVE-2018-21234: Deserialization of Untrusted JSON Data when setClassMetadataName is set. The issue stems from how the library handles deserialization, enabling potentially untrusted data to be deserialized. Impact is indicated as high (NVD CVSS v3.1 base score 9.8...
Zephyr Code Execution Vulnerability
Zephyr is an open-source, small, scalable real-time operating system from the Linux Foundation. A security vulnerability exists in Zephyr versions 2.1.0 and later (including 2.2.0 and later). An attacker can exploit this vulnerability by sending a malformed JSON file to the UpdateHub server to cause a...
CVE-2020-9463
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...
Cross site request forgery (csrf)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...
CVE-2020-9463
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request. Recent assessments: kevthehermit at February 28, 2020 7:40pm UTC reported: Centreon is a...
CVE-2020-7980
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...
Design/Logic Flaw
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...
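The Centreon and Intellian entries above describe the same bug class: a value taken from a JSON request field is spliced into an OS command line, so shell metacharacters in the value become shell syntax. The following is an added example in Python written for this listing; it is not Centreon or Intellian code. The field name "serverip", the request bodies and the use of echo in place of the real command are assumptions for illustration.

```python
"""A JSON field reaching a shell command line, and the hardened form.
Added example in Python; it is not Centreon or Intellian code. The field
name "serverip", the JSON bodies and the use of echo in place of the real
command are assumptions for illustration."""
import ipaddress
import json
import subprocess


def run_vulnerable(body: str) -> str:
    """The pattern behind both advisories: the JSON value is interpolated
    into a command string and handed to /bin/sh, so shell metacharacters
    in the value become shell syntax. echo stands in for the real tool."""
    value = json.loads(body)["serverip"]
    cmd = f"echo {value}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def build_argv(body: str) -> list:
    """Hardened form: validate the value as the type it claims to be and
    pass it as a single argv element. No shell is involved, so ';', '|',
    '$(' and backticks are just characters, and the IP check rejects
    them anyway."""
    value = json.loads(body)["serverip"]
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        raise ValueError(f"serverip is not an IP address: {value!r}") from None
    return ["echo", str(addr)]


def run_safe(body: str) -> str:
    return subprocess.run(build_argv(body), capture_output=True, text=True).stdout


def is_rejected(body: str) -> bool:
    """True when the hardened path refuses the request."""
    try:
        build_argv(body)
    except ValueError:
        return True
    return False


# constructed request bodies, modelled on the advisories' JSON parameter
BENIGN = '{"serverip": "10.0.0.1"}'
HOSTILE = '{"serverip": "10.0.0.1; echo INJECTED"}'

if __name__ == "__main__":
    print(run_vulnerable(HOSTILE), end="")   # second output line is attacker-chosen
    print(build_argv(BENIGN))
    print(is_rejected(HOSTILE))
```

The check and the argv list do different jobs: the type validation stops anything that is not an address from ever reaching the command, and dropping the shell means that even a value that slips past validation is still one argument rather than a command sequence. Quoting the value with shlex.quote while keeping shell=True is the weaker fix, because it relies on the quoting being correct for every shell the product runs on.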
EulerOS 2.0 SP3 : jansson (EulerOS-SA-2019-2597)
According to the version of the jansson package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JS...
DEBIAN-CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
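The Docker entry is an instance of a general mistake: computing the pinned digest over a re-serialized, field-filtered view of a document instead of over the exact bytes received. The block below is an added example in Python written for this listing, not Docker code: the manifest fields, the KNOWN_FIELDS list and the plain sha256 over the document stand in for the real registry formats.

```python
"""Pull-by-digest verification done over a re-serialized view of the
manifest versus over the exact bytes received. Added example in Python,
not Docker code: the manifest fields, the KNOWN_FIELDS list and the use of
a plain sha256 over the document stand in for the real formats."""
import hashlib
import hmac
import json

KNOWN_FIELDS = ("name", "tag", "fsLayers")   # assumed: what the client extracts


def canonical(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def verify_naive(raw: bytes, expected: str) -> bool:
    """Flawed pattern: parse first, keep the fields the client knows,
    re-serialize, then hash. Any attribute outside KNOWN_FIELDS never
    reaches the hash, so it can be added or changed freely."""
    obj = json.loads(raw)
    extracted = {k: obj[k] for k in KNOWN_FIELDS if k in obj}
    return hmac.compare_digest(digest(canonical(extracted)), expected)


def verify_strict(raw: bytes, expected: str) -> bool:
    """Correct pattern: the digest covers exactly the bytes that were
    received, and is checked before anything is parsed."""
    return hmac.compare_digest(digest(raw), expected)


def parse_verified(raw: bytes, expected: str) -> dict:
    if not verify_strict(raw, expected):
        raise ValueError("manifest digest mismatch; refusing to parse")
    return json.loads(raw)


def naive_accepts_unknown_fields(raw: bytes, expected: str) -> list:
    """Fields the naive check waves through even though they are not
    covered by the pinned digest."""
    if not verify_naive(raw, expected):
        return []
    return [k for k in json.loads(raw) if k not in KNOWN_FIELDS]


# constructed sample: the manifest the publisher produced, and a copy with
# an attribute injected by someone in the distribution path
ORIGINAL = canonical({"name": "library/app", "tag": "1.0",
                      "fsLayers": [{"blobSum": "sha256:" + "a" * 64}]})
PINNED = digest(ORIGINAL)                       # what the user asked to pull
TAMPERED = ORIGINAL[:-1] + b',"injected":{"by":"attacker"}}'

if __name__ == "__main__":
    print("naive  accepts tampered:", verify_naive(TAMPERED, PINNED))
    print("strict accepts tampered:", verify_strict(TAMPERED, PINNED))
    print("uncovered fields:", naive_accepts_unknown_fields(TAMPERED, PINNED))
```

The injected attribute passes the naive check and is then available to any later code that reads the parsed manifest, which is the bypass the advisory describes. Checking the digest over the raw bytes before parsing closes it, and also removes the parser itself from the set of things that must behave identically on both sides.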
Ffuf - Fast Web Fuzzer Written In Go
A fast web fuzzer written in Go, heavily inspired by the great projects gobuster and wfuzz. Features: fast; allows fuzzing of HTTP header values, POST data, and different parts of the URL, including GET parameter names and values; silent mode (-s) for clean output that's easy to use in pipes to other...
EulerOS 2.0 SP2 : jansson (EulerOS-SA-2019-2396)
According to the version of the jansson package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JS...
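Both jansson entries describe a recursive-descent parser with no bound on nesting: each "[" or "{" adds a stack frame, so a few hundred kilobytes of brackets exhaust the stack. Later jansson releases fixed this with a fixed maximum parsing depth. The block below is an added example in Python written for this listing, not jansson code; it puts a non-recursive depth guard in front of a recursive parser, and the limit value is an assumption.

```python
"""A non-recursive nesting-depth guard in front of a recursive JSON parser.
Added example in Python, not jansson code; the limit value is an assumption
chosen to be in the range a patched parser would enforce."""
import json

MAX_DEPTH = 2048   # assumed cap


def nesting_depth(text: str) -> int:
    """Deepest array/object nesting in a JSON document, found with a single
    flat scan. Brackets inside strings are ignored and backslash escapes
    are honoured, so '{"a": "[[["}' has depth 1. Unbalanced closers raise."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced closing bracket")
    return deepest


def within_limit(text: str, max_depth: int = MAX_DEPTH) -> bool:
    return nesting_depth(text) <= max_depth


def load_bounded(text: str, max_depth: int = MAX_DEPTH):
    """Reject over-deep input before the recursive parser ever sees it."""
    if not within_limit(text, max_depth):
        raise ValueError(f"nesting deeper than {max_depth}; refusing to parse")
    return json.loads(text)


def stock_parser_outcome(text: str) -> str:
    """What json.loads alone does with the input: 'ok', 'recursion' when
    the interpreter's recursion guard trips (the C-library analogue is a
    stack overflow and crash), or 'error' for malformed input."""
    try:
        json.loads(text)
    except RecursionError:
        return "recursion"
    except ValueError:
        return "error"
    return "ok"


# constructed inputs: a normal document and a deep-nesting attack payload
NORMAL = '{"user": "alice", "roles": ["admin", {"scope": ["read", "write"]}]}'
ATTACK = "[" * 100_000 + "]" * 100_000

if __name__ == "__main__":
    print(nesting_depth(NORMAL), within_limit(NORMAL))
    print(nesting_depth(ATTACK), within_limit(ATTACK))
    print(stock_parser_outcome(ATTACK))
```

The guard costs one linear pass over the input and uses constant stack, which is the property the original parser lacked. In a C parser the same idea is a depth counter incremented on every nested value and checked against the cap, which is how the fixed library behaves; the pre-scan shown here is the form that works without touching the parser.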
Security Advisory - Remote Code Execution Vulnerability in Fastjson
A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. Remote attackers can send crafted JSON data packets to exploit this vulnerability. Successful exploitation could allow the attacker to execute arbitrary code on the server that uses Fastjson. Vulnerability ID...
Mersive Solstice 2.8.0 Remote Code Execution
Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk Versions: 2.8.0 Tested On...
Exploit for CVE-2019-6715
cve-2019-6715 Shout out to TomNomNom for 99.9% of his cod...
Cross-site scripting in Swagger-UI
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Design/Logic Flaw
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from...