PT-2018-18147
Name of the Vulnerable Software and Affected Versions: SnapCreek Duplicator plugin version 1.2.32. Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter in the...
FortiOS DoS on webUI through 'params' JSON parameter
An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API URLs (those containing /json), which can cause the web user interface to be temporarily unresponsive...
CVE-2016-6317
A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application...
Unsafe Query Generation Risk in Active Record
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact: Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...
Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass
Unsafe Query Generation Risk in Active Record There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...
Informatica: [informatica.com] Blind SQL Injection
Hi guys! JSON POST parameter "docId" is vulnerable to a Blind SQL Injection attack. PoC (raw query): POST /vtibin/RatingsCalculator/RatingsCalculator.asmx/CalculateRatings HTTP/1.1 User-Agent: Opera/9.80 Windows NT 6.1; WOW64 Presto/2.12.388 Version/12.17 Host: kb-test.informatica.com Accept-Language:...
Important: Red Hat Security Advisory: ruby193-rubygem-actionpack security update
Updated ruby193-rubygem-actionpack packages that fix multiple security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.ht...