MediaWiki JSON Callback Crafted API Request Information Disclosure

The version of MediaWiki installed on the remote host is affected by an information disclosure vulnerability. A remote attacker can exploit this via the 'callback' parameter in an API call for JavaScript Object Notation JSON formatted results. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVE-2007-2382

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

Design/Logic Flaw

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

Design/Logic Flaw

The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...

CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

PT-2007-3711 · Google · Google Web Toolkit

Name of the Vulnerable Software and Affected Versions: Google Web Toolkit GWT affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This can be achieved...

PT-2007-3714 · Mochikit · Mochikit

Name of the Vulnerable Software and Affected Versions: MochiKit framework affected versions not specified Description: The issue allows remote attackers to obtain data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

PT-2007-3709 · Dojo Foundation · Dojo

Name of the Vulnerable Software and Affected Versions: Dojo framework affected versions not specified Description: The issue concerns the exchange of data using JavaScript Object Notation JSON without proper protection, allowing remote attackers to obtain the data. This is achieved through a web...

PT-2007-3710 · Getahead · Getahead Dwr

Name of the Vulnerable Software and Affected Versions: Getahead Direct Web Remoting DWR framework version 1.1.4 Description: The issue allows remote attackers to obtain data through a web page that retrieves the data using a URL in the SRC attribute of a SCRIPT element and captures the data using...

PT-2006-2923 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.x through 0.10.14 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash due to a null dereference. This can be achieved via an invalid display filter or through various...

ABCPP 1.3 - Directive Handler Buffer Overflow

ABCPP 1.3 - Directive Handler Buffer Overflow source: https://www.securityfocus.com/bid/12021/info abcpp is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to handle directives in ABC music notation files. Since the ABC files may originate from an external...

ABC2PS/JCABC2PS 1.2 - Voice Field Buffer Overflow

source: https://www.securityfocus.com/bid/12024/info abc2ps and jcabc2ps are prone to a buffer overflow vulnerability. This issue is exposed when the program is used to process the voice field in ABC music notation files. Since the ABC files may originate from an external or untrusted source, thi...

ABCPP 1.3 - Directive Handler Buffer Overflow

source: https://www.securityfocus.com/bid/12021/info abcpp is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to handle directives in ABC music notation files. Since the ABC files may originate from an external or untrusted source, this issue is considered...

ABC2PSJCABC2PS 1.2 - Voice Field Buffer Overflow

ABC2PSJCABC2PS 1.2 - Voice Field Buffer Overflow source: https://www.securityfocus.com/bid/12024/info abc2ps and jcabc2ps are prone to a buffer overflow vulnerability. This issue is exposed when the program is used to process the voice field in ABC music notation files. Since the ABC files may...

ABC2MTEX 1.6.1 - Process ABC Key Field Buffer Overflow

source: https://www.securityfocus.com/bid/12018/info abc2mtex is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to convert ABC music notation files to MTEX format. In particular, the issue is due to insufficient bounds checking of key data in ABC notation...

DEBIAN-CVE-2004-0642

Double free vulnerabilities in the error handling code for ASN.1 decoders in the 1 Key Distribution Center KDC library and 2 client library for MIT Kerberos 5 krb5 1.3.4 and earlier may allow remote attackers to execute arbitrary code...

Check Point VPN-1 buffer overflow

Buffer overflow on parsing ASN.1 notation...

security flaw

OpenSSL 0.9.6k allows remote attackers to cause a denial of service crash via large recursion via malformed ASN.1 sequences...

DEBIAN-CVE-2003-0544

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service crash via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used...

CAN-2003-0543/0544 OpenSSL ASN.1 protocol crashes

Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service crash via an SSL client certificate with certain ASN.1 tag values...