
60 matches found

GitLab Advisory Database
Added 2018/08/23 12:00 a.m., 36 views

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. Th...

CVSS: 7.5, AI score: 7.4, EPSS: 0.03855
Exploits: 1, References: 10, Affected Software: 1
OSV
Added 2017/10/24 6:33 p.m., 25 views

GHSA-VXVP-4XWC-JPP6 activesupport Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 6.7, EPSS: 0.0278
Exploits: 0, References: 8
Github Security Blog
Added 2017/10/24 6:33 p.m., 29 views

activesupport Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 6.7, EPSS: 0.0278
Exploits: 0, References: 8, Affected Software: 1
ThreatPost
Added 2017/03/13 2:52 p.m., 17 views

Hackers with Credit Card Scrapers Continue to Target Magento

Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform’s modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that...

AI score: 0.4
Exploits: 0, References: 3
Hacker One
Added 2016/11/28 1:16 a.m., 24 views

Ian Dunn: unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php

in: https://github.com/iandunn/WordPress-Functionality-Plugin-Skeleton/blob/547216caf1bef2664ec3920a9c749191dea13aeb/functionality-plugin-skeleton.php#L108 there is usage of unserialize function public function blockpluginupdates $request, $url if 0 !== strpos $url, self::PLUGINUPDATECHECKURL //...

AI score: 0.5
Exploits: 0
Hacker One
Added 2016/09/27 1:20 p.m., 29 views

Internet Bug Bounty: Python 2.7 32-bit JSON encoding heap corruption

https://bugs.python.org/issue28284 https://hg.python.org/cpython/rev/9375c8834448 Among other things this vulnerability will be triggered when JSON-encoding a dict with a very large key: python -c 'import json; json.dumpschr0x220x2AAAAAAB:0'...

AI score: 6.9
Exploits: 0
EUVD
Added 2016/05/06 5:00 p.m., 2 views

EUVD-2015-8719

Off-by-one error in the tokenadd function in jvparse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow...

CVSS: 10, AI score: 9.1, EPSS: 0.07495
Exploits: 0, References: 17
Hacker One
Added 2016/01/26 12:27 p.m., 20 views

Internet Bug Bounty: EIP control using type confusion in json encoding

https://bugs.python.org/issue24683 File 'eip.py' posted on the issue page proves EIP control...

AI score: 6.9
Exploits: 0
NVD
Added 2015/07/26 10:59 p.m., 15 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 5.1, EPSS: 0.0278
Exploits: 0, References: 5
OSV
Added 2015/07/26 10:59 p.m., 4 views

DEBIAN-CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 6.7, EPSS: 0.0278
Exploits: 0, References: 1
OSV
Added 2015/07/26 10:59 p.m., 12 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

AI score: 6.6
Exploits: 0, References: 5
Prion
Added 2015/07/26 10:59 p.m., 23 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 5.9, EPSS: 0.0278
Exploits: 0, References: 5, Affected Software: 2
UbuntuCve
Added 2015/07/26 10:59 p.m., 24 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 7.2, EPSS: 0.0278
Exploits: 0, References: 2
OSV
Added 2015/07/26 10:59 p.m., 2 views

UBUNTU-CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 7.3, EPSS: 0.0278
Exploits: 0, References: 3
CVE
Added 2015/07/26 10:00 p.m., 100 views

CVE-2015-3226

CVE-2015-3226 is an XSS vulnerability in Active Support's JSON encoding (ActiveSupport::JSON.encode) where a Hash with user-controlled data is mishandled during JSON encoding, potentially injecting script/HTML when inserted into HTML. Affected are Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2...

CVSS: 4.3, AI score: 4.9, EPSS: 0.0278
Exploits: 0, References: 5, Affected Software: 2
Cvelist
Added 2015/07/26 10:00 p.m., 28 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

AI score: 5.2, EPSS: 0.0278
Exploits: 0, References: 5
Debian CVE
Added 2015/07/26 10:00 p.m., 42 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3, AI score: 6.5, EPSS: 0.0278
Exploits: 0
Hacker One
Added 2015/06/27 12:00 a.m., 17 views

Internet Bug Bounty: Integer overflow in _json_encode_unicode leads to crash

http://bugs.python.org/issue24522 static PyObject escapeunicodePyObject pystr / Take a PyUnicode pystr and return a new escaped PyUnicode / Pyssizet i; Pyssizet inputchars; Pyssizet outputsize; Pyssizet chars; PyObject rval; void input; int kind; PyUCS4 maxchar; if PyUnicodeREADYpystr == -1 retur...

AI score: 7.1
Exploits: 0
Hacker One
Added 2015/05/01 12:00 a.m., 30 views

Internet Bug Bounty: Multiple use after free bugs in json encoding

https://bugs.python.org/issue24094 https://bugs.python.org/issue24095 https://bugs.python.org/issue24105...

AI score: 6.9
Exploits: 0
Packet Storm
Added 2012/04/30 12:00 a.m., 17 views

PHP Volunteer Management 1.0.2 SQL Injection

Title: PHP Volunteer Management getmessages.php SQL Injection Vulnerabilities Author: eidelweiss Twitter: @AriosRandy Website: www.eidelweiss.info Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Category: webapp php Greetz: Devilzc0de, exploit-db, G13 first vuln...

AI score: 0.7
Exploits: 0