44 matches found
UBUNTU-CVE-2016-4303
The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...
CVE-2016-4303
The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...
CVE-2016-4303
The parsestring function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service crash or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...
ShopNC一处信息泄露可导致任意用户订单泄露
简要描述: ShopNC在前台的用户隐私信息防护做得很好,但忽略了一处api的防护,导致漏洞产生 漏洞可直接获取包含用户订单详情的json字符串 详细说明: 使用官方商城做演示(http://www.shopnctest.com/c2c/2013/test/ 用户名shopnc 密码shopnc) url:http://www.shopnctest.com/c2c/2013/test/mobile/28aeb56bf14c9a5f826f8ad65bc6d7f0.php?commend=orderdetail&orderid=570 oderid变量可遍历 正确返回是这样的:...