OSV
added 2018/06/04 1:29 p.m.

DEBIAN-CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

CVSS 7.5 · AI score 7.5 · EPSS 0.00471
Exploits 0 · References 1
OSV
added 2018/05/24 2:29 p.m.

CVE-2018-7904

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
CNVD
added 2018/05/11 12:00 a.m.

Mozilla Firefox JSON Viewer Script Injection Vulnerability

Mozilla Firefox is a free, open source browser for the Windows, Linux and MacOSX platforms. Mozilla Firefox suffers from a JSON Viewer script injection vulnerability. An attacker can use this vulnerability to run script code in the JSON Viewer context, which can be used to steal cooki...

CVSS 6.1 · AI score 9 · EPSS 0.00387
Exploits 0 · References 1
CNVD
added 2018/05/08 12:00 a.m.

abcm2ps buffer overflow vulnerability (CNVD-2018-09186)

abcm2ps is a command line program that converts music tunes from ABC notation to PostScript or SVG format. A stack buffer overflow vulnerability exists in the 'delayedoutput' function of the music.c file in abcm2ps. A remote attacker could exploit this vulnerability to cause a denial of service...

CVSS 9.8 · AI score 7.3 · EPSS 0.01935
Exploits 0 · References 1
OSV
added 2018/04/25 5:29 a.m.

UBUNTU-CVE-2018-10362

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation like...

CVSS 9.8 · AI score 7.3 · EPSS 0.00301
Exploits 0 · References 4
OSV
added 2018/04/25 5:29 a.m.

DEBIAN-CVE-2018-10362

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation like...

CVSS 9.8 · AI score 7.1 · EPSS 0.00301
Exploits 0 · References 1
Prion
added 2018/04/25 5:29 a.m.

Default credentials

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation like...

CVSS 5 · AI score 9.5 · EPSS 0.00301
Exploits 0 · References 2 · Affected Software 1
UbuntuCve
added 2018/04/25 5:29 a.m.

CVE-2018-10362

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation like...

CVSS 9.8 · AI score 7.2 · EPSS 0.00301
Exploits 0 · References 3
Cvelist
added 2018/04/25 5:00 a.m.

CVE-2018-10362

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation like...

AI score 9.5 · EPSS 0.00301
Exploits 0 · References 2
Debian CVE
added 2018/04/25 5:00 a.m.

CVE-2018-10362

An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation like...

CVSS 9.8 · AI score 9.5 · EPSS 0.00301
Exploits 0
Positive Technologies
added 2018/04/25 12:00 a.m.

PT-2018-9847 · Phpliteadmin · Phpliteadmin

Name of the Vulnerable Software and Affected Versions: phpLiteAdmin versions 1.9.5 through 1.9.7.1. Description: An issue was discovered due to loose comparison with '==' instead of '===' in the Authorization.php class for user-provided login passwords. This allows an attacker to login with a...

CVSS 9.8 · AI score 9.4 · EPSS 0.00301
Exploits 0 · References 8
Veracode
added 2018/04/24 2:31 a.m.

Authorization Bypass

phpLiteAdmin is vulnerable to Authorization Bypasses. The application uses the == comparator when validating passwords, allowing a malicious user to bypass the validation by passing in a numerical password in scientific notation e.g. 0e1...

CVSS 9.8 · AI score 9.2 · EPSS 0.00301
Exploits 0 · References 4 · Affected Software 1
OSV
added 2018/03/27 12:00 a.m.

UBUNTU-CVE-2018-0739

Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so...

CVSS 6.5 · AI score 6.7 · EPSS 0.14445
Exploits 0 · References 5
PyPA
added 2018/03/13 3:29 p.m.

PYSEC-2018-112

Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request handling that results in the response leaking a path on the server. This attack appears to be exploitable by sending a malformed JSON request: the tool responds with a traceback error that leaks a path of the...

CVSS 5.3 · AI score 6.9 · EPSS 0.00264
Exploits 1 · References 3 · Affected Software 1
OSV
added 2018/01/11 9:29 p.m.

ALPINE-CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

CVSS 7.5 · AI score 6.8 · EPSS 0.01011
Exploits 0 · References 1
Hacker One
added 2017/12/12 11:32 p.m.

shopify-scripts: mruby heredoc notation

Hi. There exists a vulnerability in mruby when using the heredoc notation; it doesn't need ulimit. The minified test can be generated with the following command: ruby -e 'IO.binwrite"j3.rb", "\xa7 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent...

AI score 7
Exploits 0
CNVD
added 2017/11/14 12:00 a.m.

Multiple Dahua Product Access Validation Vulnerabilities

Dahua NVR50XX and other models are network video recorder products of the Chinese company Dahua. A security vulnerability exists in several Dahua products. The vulnerability can be exploited by an attacker to perform other operations by forging JSON messages...

CVSS 8.8 · AI score 6.9 · EPSS 0.00357
Exploits 0 · References 1
Hacker One
added 2017/11/06 4:08 p.m.

AlienVault : SSRF protection bypass

As said in report 285380, using the decimal IP notation bypasses the fix: https://www.threatcrowd.org/domain.php?domain=2852039166...

AI score 6.9
Exploits 0
Positive Technologies
added 2017/11/02 12:00 a.m.

PT-2017-4257 · Ruby +4 · Yajl-Ruby +4

Name of the Vulnerable Software and Affected Versions: yajl-ruby gem version 1.3.0. Description: The issue is related to insufficient processing of a format string in the yajl string decode function of the yajl encode.c component in the YAJL-ruby JSON library. When a crafted JSON file is supplied ...

CVSS 7.8 · AI score 6.4 · EPSS 0.01863
Exploits 3 · References 56
CNVD
added 2017/10/30 12:00 a.m.

Fortinet FortiOS Denial of Service Vulnerability (CNVD-2017-35607)

FortiOS is an intuitive operating system that lets you control all security and networking features of all FortiGates throughout your network. A denial of service vulnerability exists in Fortinet FortiOS. A remote authenticated user can cause the target web interface to be temporarily unavailable...

CVSS 6.5 · AI score 6.7 · EPSS 0.01458
Exploits 0 · References 1