28 matches found

Positive Technologies, added 2018/03/26 12:00 a.m., 6 views

PT-2018-18147

Name of the Vulnerable Software and Affected Versions: SnapCreek Duplicator plugin version 1.2.32. Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter in the...

CVSS 6.1, AI score 6, EPSS 0.03495
Exploits 5, References 4
Fortinet, added 2017/10/24 12:00 a.m., 39 views

FortiOS DoS on webUI through 'params' JSON parameter

An authenticated user may pass a specially crafted payload to the 'params' parameter of the JSON web API URLs with /json, which can cause the web user interface to be temporarily unresponsive...

CVSS 4, AI score 2, EPSS 0.01745
Exploits 0, Affected Software 1
RedhatCVE, added 2016/08/12 6:18 a.m., 47 views

CVE-2016-6317

A flaw was found in the way Active Record handled certain special values in dynamic finders and relations. If a Ruby on Rails application performed JSON parameter parsing, a remote attacker could possibly manipulate search conditions in SQL queries generated by the application...

CVSS 7.5, AI score 3.5, EPSS 0.03903
Exploits 0, References 2
RubySec, added 2016/08/11 12:00 a.m., 58 views

Unsafe Query Generation Risk in Active Record

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact: Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...

CVSS 7.5, AI score 2.1, EPSS 0.05673
Exploits 4, References 1, Affected Software 1
Hacker One, added 2016/05/17 1:38 p.m., 62 views

Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass

Unsafe Query Generation Risk in Active Record. There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...

CVSS 6.4, AI score 7.9, EPSS 0.05673
Exploits 4
Hacker One, added 2016/02/18 2:55 a.m., 65 views

Informatica: [informatica.com] Blind SQL Injection

Hi guys! JSON POST parameter "docId" is vulnerable to Blind SQL Injection attack. PoC (raw query): POST /vtibin/RatingsCalculator/RatingsCalculator.asmx/CalculateRatings HTTP/1.1 User-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.17 Host: kb-test.informatica.com Accept-Language:...

AI score 8.3
Exploits 0
RedHat Linux, added 2013/12/05 9:54 p.m., 97 views

Important: Red Hat Security Advisory: ruby193-rubygem-actionpack security update

Updated ruby193-rubygem-actionpack packages that fix multiple security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detail...

CVSS 6.4, AI score 6.9, EPSS 0.207
Exploits 3, References 5
Prion, added 2012/04/18 5:55 p.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.ht...

CVSS 4.3, AI score 6, EPSS 0.01456
Exploits 1, References 5, Affected Software 1