17 matches found
EUVD-2014-1622
Malware in sbrugna...
EUVD-2017-5772
Malware in sbrugna...
EUVD-2014-5139
Malware in sbrugna...
EUVD-2018-0649
Malware in sbrugna...
OrientDB-Server vulnerable to Cross-Site Request Forgery
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP...
CVE-2017-14269
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content...
Design/Logic Flaw
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content...
CVE-2017-14269
CVE-2017-14269 affects EE 4GEE WiFi MBB devices (before EE60_00_05.00_31). The vulnerability allows remote attackers to obtain sensitive data via a JSONP endpoint, demonstrated as passwords and SMS content exposure. The root cause is an insecure JSONP/endpoint handling that leaks confidential inf...
CVE-2017-14269
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content...
Cross-site Request Forgery (CSRF)
github.com/ant0ine/go-json-rest is vulnerable to cross-site request forgery. A malicious user can communicate with a JSONP endpoint using a SWF OBJECT to bypass the Same Origin Policy...
blog.legobrasil.com.br XSS vulnerability
Vulnerable URL: http://blog.legobrasil.com.br/admin-portal/json/?jsonp=prompt/OPENBUGBOUNTY/...
Cross site request forgery (csrf)
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP...
Updated bugzilla packages fix a CSRF vulnerability
Updated bugzilla packages fix security vulnerabilities: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT...
CVE-2014-5241
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site...
Cross site request forgery (csrf)
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a...
CVE-2014-1546
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a...
Flash "Rosetta" JSONP GET/POST Response Disclosure Exploit
A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL.