469 matches found
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
Cross site request forgery (csrf)
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scanresults JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...
CVE-2018-11481
TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters...
CVE-2018-11481
TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters...
CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...
CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a “Cookie: uid=admin”...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Spring data rest 远程代码执行(cve-2017-8046)
漏洞描述 漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器,使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制,编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本: Spring...
Node.js third-party modules: Prototype pollution attack (defaults-deep)
As discussed in 309391, here's the separate report for each of the library. This one is the information for the defaults-deep library. Module: https://www.npmjs.com/package/defaults-deep Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object"...
PT-2018-5359 · Ethereum · Cpp-Ethereum
Name of the Vulnerable Software and Affected Versions: cpp-ethereum version affected versions not specified Description: An issue exists in the miner stop API endpoint of cpp-ethereum's JSON-RPC, where improper authorization can be exploited. An attacker can send JSON data to trigger this issue...
Code injection
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
CVE-2017-14943
Trapeze TransitMaster is vulnerable to information disclosure emails / hashed passwords via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the...
Information disclosure
Trapeze TransitMaster is vulnerable to information disclosure emails / hashed passwords via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the...
CVE-2017-14943
Trapeze TransitMaster is vulnerable to information disclosure emails / hashed passwords via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the...
CVE-2017-14943
CVE-2017-14943 affects Trapeze TransitMaster. The vulnerability permits information disclosure (emails and hashed passwords) through a modified userID field in JSON data sent to ManageSubscriber.aspx/GetSubscriber. The available sources describe the impact but do not specify affected versions, ex...
[SECURITY] Fedora 27 Update: python-jwt-1.5.3-1.fc27
A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects...
Arbitrary Code Execution
spring-data-rest servers are vulnerable to arbitrary code execution attacks. The attacks exist because it does not check the path before processing PATCH requests to the server, allowing the attackers to submit patch requests with malicious JSON data...
CVE-2017-14262
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter...
GSA Bounty: Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host
We endorse sp1d3rs's summary! The PR fixing this ticket is here: https://github.com/18F/federalist/pull/1157 Thanks to the 18F team for the great experience, fast fix, and the bounty! The report details i requested the limited disclosure due to lot of sensitive info in the attachments and report...