469 matches found

Prion
added 2011/06/22 9:55 p.m. · 14 views

Design/Logic Flaw

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

CVSS 5 · AI score 7.1 · EPSS 0.01447
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2011/06/22 9:0 p.m. · 17 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

AI score 6.6 · EPSS 0.01447
Exploits: 0 · References: 3
Debian CVE
added 2011/06/22 9:0 p.m. · 18 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...

CVSS 5 · AI score 6.2 · EPSS 0.01447
Exploits: 0
Tenable Nessus
added 2010/10/26 12:0 a.m. · 40 views

HTTP Origin Response Header Usage

The remote web server sets an Origin response header in some responses. Origin has been proposed as a way to mitigate cross-site request forgery and JSON data theft...

AI score 5.2
Exploits: 0 · References: 3
Prion
added 2010/04/06 4:30 p.m. · 18 views

SQL injection

SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php...

CVSS 7.5 · AI score 8.6 · EPSS 0.01739
Exploits: 1 · References: 9 · Affected Software: 1
Cvelist
added 2010/04/06 4:0 p.m. · 30 views

CVE-2010-1277

SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php...

AI score 8 · EPSS 0.01739
Exploits: 1 · References: 9
Prion
added 2007/04/30 11:19 p.m. · 13 views

Design/Logic Flaw

The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

CVSS 5 · AI score 7 · EPSS 0.01557
Exploits: 0 · References: 2
Positive Technologies
added 2007/04/30 12:0 a.m. · 4 views

PT-2007-3713 · Microsoft · Atlas

Name of the Vulnerable Software and Affected Versions: Microsoft Atlas framework (affected versions not specified). Description: The issue concerns the exchange of data using JavaScript Object Notation (JSON) without proper protection, allowing remote attackers to obtain the data. This can be achieved...

CVSS 5 · AI score 6.2 · EPSS 0.12301
Exploits: 0 · References: 3
Positive Technologies
added 2007/04/30 12:0 a.m. · 4 views

PT-2007-3715 · Moo.Fx · Moo.Fx

Name of the Vulnerable Software and Affected Versions: Moo.fx framework (affected versions not specified). Description: The issue concerns the exchange of data using JavaScript Object Notation (JSON) without proper protection, allowing remote attackers to obtain the data. This is achieved through a we...

CVSS 5 · AI score 6.2 · EPSS 0.01557
Exploits: 0 · References: 3