469 matches found
CVE-2019-9745
CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service Recognition Update Client Service via an insecure communication channel Named Pipe. The data JSON sent via this channel is used to import data from...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Design/Logic Flaw
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Code injection
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab e.g., exposure of his birthday or logs into his account i.e., exposure of credentials...
CVE-2007-2383
The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
Sql injection
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
Hardcoded credentials
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2019-16890
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...
CVE-2019-16099
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
CVE-2019-16099
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
Cross site request forgery (csrf)
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
Code injection
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI...
CVE-2019-16099
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...
CVE-2019-16101
CVE-2019-16101 affects Silver Peak EdgeConnect SD-WAN prior to version 8.1.7.x. The issue allows remote attackers to trigger the REST API by sending malformed JSON (e.g., to rest/json/banners), potentially causing the system to leak sensitive stack traces. Impact is information disclosure via sta...
Debian DLA-1892-1 : flask security update
Flask, a micro web framework for Python contains a CWE-20: Improper Input Validation vulnerability that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. For Debian 8...