GHSA-VXVP-4XWC-JPP6 activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

Hackers with Credit Card Scrapers Continue to Target Magento

Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform’s modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that...

Ian Dunn: unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php

in: https://github.com/iandunn/WordPress-Functionality-Plugin-Skeleton/blob/547216caf1bef2664ec3920a9c749191dea13aeb/functionality-plugin-skeleton.phpL108 there is usage of unserialize function public function blockpluginupdates $request, $url if 0 !== strpos $url, self::PLUGINUPDATECHECKURL //...

Internet Bug Bounty: Python 2.7 32-bit JSON encoding heap corruption

https://bugs.python.org/issue28284 https://hg.python.org/cpython/rev/9375c8834448 Among other things this vulnerability will be triggered when JSON-encoding a dict with a very large key: python -c 'import json; json.dumpschr0x220x2AAAAAAB:0'...

EUVD-2015-8719

Off-by-one error in the tokenadd function in jvparse.c in jq allows remote attackers to cause a denial of service crash via a long JSON-encoded number, which triggers a heap-based buffer overflow...

Internet Bug Bounty: EIP control using type confusion in json encoding

https://bugs.python.org/issue24683 File 'eip.py' posted on the issue page proves EIP control...

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

DEBIAN-CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

Cross site scripting

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

UBUNTU-CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVE-2015-3226

CVE-2015-3226 is an XSS vulnerability in Active Support's JSON encoding (ActiveSupport::JSON.encode) where a Hash with user-controlled data is mishandled during JSON encoding, potentially injecting script/HTML when inserted into HTML. Affected are Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2...

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

Internet Bug Bounty: Integer overflow in _json_encode_unicode leads to crash

http://bugs.python.org/issue24522 static PyObject escapeunicodePyObject pystr / Take a PyUnicode pystr and return a new escaped PyUnicode / Pyssizet i; Pyssizet inputchars; Pyssizet outputsize; Pyssizet chars; PyObject rval; void input; int kind; PyUCS4 maxchar; if PyUnicodeREADYpystr == -1 retur...

Internet Bug Bounty: Multiple use after free bugs in json encoding

https://bugs.python.org/issue24094 https://bugs.python.org/issue24095 https://bugs.python.org/issue24105...

PHP Volunteer Management 1.0.2 SQL Injection

Title: PHP Volunteer Management getmessages.php SQL Injection Vulnerabilities Author: eidelweiss Twitter: @AriosRandy Website: www.eidelweiss.info Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Category: webapp php Greetz: Devilzc0de, exploit-db, G13 first vuln...