469 matches found
Default credentials
CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...
CVE-2018-16731
CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
Double free
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...
CVE-2018-1000216
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...
CVE-2018-1000216
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...
CVE-2018-1000656
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
CVE-2018-1000656
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
Input validation
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
CVE-2018-1000656
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
PYSEC-2018-53
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
CVE-2018-1000656
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
CVE-2018-1000656
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...
CVE-2018-1000656
Summary (CVE-2018-1000656) The Flask component of the Pallets Project (Python) prior to 0.12.3 contains a CWE-20 Improper Input Validation vulnerability that can cause excessive memory usage, potentially leading to denial of service. The documented attack vector involves attackers sending JSON da...
Design/Logic Flaw
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...
TP-Link Archer C2 Router 3.0 Remote Code Execution
Exploit Title: UnAuthenticated Remote Code Execution at TP-Link Archer C2 Router Date: 17.07.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.tp-link.com/ Hardware Link : https://www.tp-link.com/la/products/details/cat-9Archer-C2.html Hardware Version : Archer C2 v3.0 Firmware...
Command injection
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/setrouterwifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
Command injection
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...