Lucene search
K

469 matches found

Prion
Prion
added 2018/09/08 3:29 p.m.13 views

Default credentials

CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...

7.5CVSS9.4AI score0.01491EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/09/08 3:0 p.m.15 views

CVE-2018-16731

CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...

9.5AI score0.01491EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2018/08/23 7:10 p.m.39 views

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

7.5CVSS7.4AI score0.03855EPSS
Exploits1References9Affected Software1
Prion
Prion
added 2018/08/20 8:29 p.m.19 views

Double free

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...

6.8CVSS8.5AI score0.01471EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/08/20 8:29 p.m.20 views

CVE-2018-1000216

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...

8.8CVSS6.6AI score
Exploits0References1
Cvelist
Cvelist
added 2018/08/20 8:0 p.m.28 views

CVE-2018-1000216

Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could...

8.6AI score0.01471EPSS
Exploits1References1
NVD
NVD
added 2018/08/20 7:31 p.m.21 views

CVE-2018-1000656

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

7.5CVSS7.5AI score0.03855EPSS
Exploits1References5
OSV
OSV
added 2018/08/20 7:31 p.m.30 views

CVE-2018-1000656

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

7.5CVSS7.5AI score
Exploits0References5
Prion
Prion
added 2018/08/20 7:31 p.m.18 views

Input validation

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

5CVSS7.4AI score0.03855EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2018/08/20 7:31 p.m.38 views

CVE-2018-1000656

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

7.5CVSS6.7AI score0.03855EPSS
Exploits1References3
OSV
OSV
added 2018/08/20 7:31 p.m.18 views

PYSEC-2018-53

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

6.8AI score
Exploits0References5
Cvelist
Cvelist
added 2018/08/20 7:0 p.m.20 views

CVE-2018-1000656

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

7.5AI score0.03855EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2018/08/20 7:0 p.m.29 views

CVE-2018-1000656

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

7.5CVSS7.7AI score0.03855EPSS
Exploits1
CVE
CVE
added 2018/08/20 7:0 p.m.423 views

CVE-2018-1000656

Summary (CVE-2018-1000656) The Flask component of the Pallets Project (Python) prior to 0.12.3 contains a CWE-20 Improper Input Validation vulnerability that can cause excessive memory usage, potentially leading to denial of service. The documented attack vector involves attackers sending JSON da...

7.5CVSS7.4AI score0.03855EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2018/07/19 5:29 a.m.19 views

Design/Logic Flaw

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

7.5CVSS9.7AI score0.01472EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/19 5:0 a.m.27 views

CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

9.7AI score0.01472EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2018/07/17 12:0 a.m.28 views

TP-Link Archer C2 Router 3.0 Remote Code Execution

Exploit Title: UnAuthenticated Remote Code Execution at TP-Link Archer C2 Router Date: 17.07.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.tp-link.com/ Hardware Link : https://www.tp-link.com/la/products/details/cat-9Archer-C2.html Hardware Version : Archer C2 v3.0 Firmware...

0.1AI score
Exploits0
Prion
Prion
added 2018/07/15 3:29 a.m.21 views

Command injection

OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/setrouterwifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...

10CVSS9.7AI score0.04516EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2018/07/15 3:29 a.m.11 views

CVE-2018-14010

OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...

10CVSS9.8AI score0.04516EPSS
Exploits2References2
Prion
Prion
added 2018/07/15 3:29 a.m.17 views

Command injection

OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...

10CVSS9.7AI score0.04516EPSS
Exploits2References2Affected Software4
Rows per page
Query Builder