469 matches found

Cvelist
added 2020/05/21 10:15 p.m., 24 views

CVE-2018-21234

Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set...

AI score 9.6, EPSS 0.08318
Exploits 0, References 14

CVE
added 2020/05/21 10:15 p.m., 104 views

CVE-2018-21234

Jodd before 5.0.4 is affected by CVE-2018-21234: Deserialization of Untrusted JSON Data when setClassMetadataName is set. The issue stems from how the library handles deserialization, enabling potentially untrusted data to be deserialized. Impact is indicated as high (NVD CVSS v3.1 base score 9.8...

CVSS 9.8, AI score 9.4, EPSS 0.08318
Exploits 0, References 14, Affected Software 1

CNVD
added 2020/05/12 12:00 a.m., 1 view

Zephyr Code Execution Vulnerability

Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A security vulnerability exists in Zephyr versions 2.1.0 and later and 2.2.0 and later. An attacker can exploit this vulnerability by sending a malformed JSON file to the UpdateHub server to cause a...

CVSS 9.8, AI score 7.3, EPSS 0.02319
Exploits 0, References 1

OSV
added 2020/02/28 6:15 p.m., 2 views

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...

CVSS 8.8, AI score 7.6, EPSS 0.04122
Exploits 1, References 1

NVD
added 2020/02/28 6:15 p.m., 19 views

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...

CVSS 9, AI score 8.8, EPSS 0.04122
Exploits 1, References 1

Prion
added 2020/02/28 6:15 p.m., 14 views

Cross-site request forgery (CSRF)

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...

CVSS 9, AI score 8.7, EPSS 0.04122
Exploits 1, References 1, Affected Software 1

Cvelist
added 2020/02/28 5:55 p.m., 25 views

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...

AI score 8.8, EPSS 0.04122
Exploits 1, References 1

ATTACKERKB
added 2020/02/28 12:00 a.m., 24 views

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request. Recent assessments: kevthehermit at February 28, 2020 7:40pm UTC reported: Centreon is a...

CVSS 9, AI score 0.9, EPSS 0.04122
Exploits 1, References 2

OSV
added 2020/01/25 7:15 p.m., 3 views

CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

CVSS 9.8, AI score 7.6, EPSS 0.82956
Exploits 7, References 3

NVD
added 2020/01/25 7:15 p.m., 51 views

CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

CVSS 10, AI score 9.9, EPSS 0.82956
Exploits 7, References 3

Prion
added 2020/01/25 7:15 p.m., 12 views

Design/Logic Flaw

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

CVSS 10, AI score 9.7, EPSS 0.82956
Exploits 7, References 3, Affected Software 1

Tenable Nessus
added 2019/12/18 12:00 a.m., 27 views

EulerOS 2.0 SP3 : jansson (EulerOS-SA-2019-2597)

According to the version of the jansson package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JS...

CVSS 7.5, AI score 7.2, EPSS 0.01894
Exploits 0, References 2

OSV
added 2019/12/17 6:15 p.m., 5 views

DEBIAN-CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

CVSS 7.5, AI score 7.2, EPSS 0.02733
Exploits 0, References 1

Kitploit
added 2019/12/11 11:30 a.m., 103 views

Ffuf - Fast Web Fuzzer Written In Go

A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features: Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values. Silent mode -s for clean output that's easy to use in pipes to other...

AI score 7.1
Exploits 0, References 5

Tenable Nessus
added 2019/12/10 12:00 a.m., 26 views

EulerOS 2.0 SP2 : jansson (EulerOS-SA-2019-2396)

According to the version of the jansson package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JS...

CVSS 7.5, AI score 7.2, EPSS 0.01894
Exploits 0, References 2

Huawei
added 2019/12/04 12:00 a.m., 78 views

Security Advisory - Remote Code Execution Vulnerability in Fastjson

A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. Remote attackers can send crafted JSON data packets to exploit this vulnerability. Successful exploitation could allow the attacker to execute arbitrary code on the target Fastjson server. Vulnerability ID...

AI score 8.4
Exploits 0, Affected Software 8

Packet Storm
added 2019/11/28 12:00 a.m., 241 views

Mersive Solstice 2.8.0 Remote Code Execution

Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution; Google Dork: N/A; Date: 2016-12-23; Exploit Author: Alexandre Teyar; Vendor Homepage: https://www2.mersive.com/; Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk; Versions: 2.8.0; Tested On...

AI score 8.9, EPSS 0.1745
Exploits 5

GithubExploit
added 2019/11/12 2:47 p.m., 404 views

Exploit for CVE-2019-6715

cve-2019-6715 Shout out to TomNomNom for 99.9% of his cod...

CVSS 7.5, AI score 7.7, EPSS 0.19396
Exploits 4

Github Security Blog
added 2019/10/15 7:27 p.m., 57 views

Cross-site scripting in Swagger-UI

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CVSS 9.8, AI score 3.8, EPSS 0.0558
Exploits 1, References 15, Affected Software 4

Prion
added 2019/10/14 3:15 p.m., 15 views

Design/Logic Flaw

CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from...

CVSS 7.2, AI score 7.8, EPSS 0.0047
Exploits 2, References 2
