Lucene search
K

470 matches found

Hacker One
Hacker One
added 2017/08/26 6:18 p.m.19 views

GSA Bounty: Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host

We endorse sp1d3rs's summary! The PR fixing this ticket is here: https://github.com/18F/federalist/pull/1157 Thanks to the 18F team for the great experience, fast fix, and the bounty! The report details i requested the limited disclosure due to lot of sensitive info in the attachments and report...

Exploits0
Veracode
Veracode
added 2017/07/30 8:19 a.m.35 views

Cross-site Scripting (XSS)

TYPO3 CMS is vulnerable to cross-site scripting XSS attacks. The library does not properly encode user input, allowing a malicious user to inject and execute arbitrary webscript when storing JSON data...

3.5CVSS5.6AI score0.01449EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2017/07/20 12:29 p.m.17 views

CVE-2017-9785

Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie...

9.8CVSS7.9AI score
Exploits0References1
Exploit DB
Exploit DB
added 2017/06/09 12:0 a.m.165 views

Uniview NVR - Password Disclosure

Uniview NVR remote passwords disclosure Author: B1t The Uniview NVR web application does not enforce authorizations on the main.cgi file when requesting json data. It says that you can do anything without authentication, however you must know the request structure. In addition, the users' passwor...

7.4AI score
Exploits0
Veracode
Veracode
added 2017/04/27 6:42 a.m.28 views

Denial Of Service (DoS)

github.com/kubernetes/kubernetes is vulnerable to denial of service attacks. These attacks can be triggered by invalid JSON data. The invalid JSON data causes github.com/kubernetes/kubernetes to panic and cause a nil pointer dereference causing the master process to crash. This is related to...

5.8AI score0.01952EPSS
Exploits0
Veracode
Veracode
added 2017/02/01 5:44 a.m.14 views

Denial Of Service (DoS)

Jansson is vulnerable to denial of service DoS attacks. These attacks are possible though JSON data, causing deep recursion, stack consumption and eventually crashing the application...

7.5CVSS7.1AI score0.01894EPSS
Exploits0References3Affected Software1
Atlassian
Atlassian
added 2016/10/11 1:45 p.m.26 views

Empty REST API result return for User without Browse Users permission

h3. Summary User A who do not have permission to Browse Users but have Administrator and/or System Administrator will have REST API result return empty. As an example of the json data return: code:borderStyle=dashed code h3. Steps to Reproduce Create User A Gives User A permission to Administrato...

1AI score
Exploits0Affected Software1
OSV
OSV
added 2016/05/25 1:59 a.m.4 views

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

8.8CVSS5.8AI score0.0162EPSS
Exploits0References2
NVD
NVD
added 2016/05/25 1:59 a.m.24 views

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

8.8CVSS8.4AI score0.0162EPSS
Exploits0References2
Prion
Prion
added 2016/05/25 1:59 a.m.17 views

Design/Logic Flaw

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

6.5CVSS6.8AI score0.0162EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2016/05/25 1:0 a.m.33 views

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

8.5AI score0.0162EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/05/23 11:40 p.m.6 views

jq: heap-buffer-overflow in tokenadd() function

A heap-based buffer overflow flaw was found in jq's tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system...

10CVSS6.3AI score0.07495EPSS
Exploits0References5
Mageia
Mageia
added 2016/05/21 10:11 p.m.30 views

Updated jansson packages fix CVE-2016-4425

Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...

7.5CVSS4.9AI score0.01894EPSS
Exploits0References2
NVD
NVD
added 2016/05/17 2:8 p.m.15 views

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

7.5CVSS7.2AI score0.01894EPSS
Exploits0References7
OSV
OSV
added 2016/05/17 2:8 p.m.7 views

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

7.5CVSS7.3AI score
Exploits0References7
Prion
Prion
added 2016/05/17 2:8 p.m.13 views

Code injection

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

5CVSS6.8AI score0.01894EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2016/05/17 2:8 p.m.25 views

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

7.5CVSS7.1AI score0.01894EPSS
Exploits0References3
OSV
OSV
added 2016/05/17 2:8 p.m.7 views

UBUNTU-CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

7.5CVSS5.8AI score0.01894EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/05/17 2:0 p.m.32 views

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

7.2AI score0.01894EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2016/05/17 2:0 p.m.47 views

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

7.5CVSS7.3AI score0.01894EPSS
Exploits0
Rows per page
Query Builder