Showing 1 - 1 of 1

CVE-2010-3978

Status Candidate

Overview

Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue.

Related Files

Spree e-commerce JSON Hijacking: Posted Nov 9, 2010; Authored by Rodrigo Rubira Branco; There are multiple JSON hijacking vulnerabilities in Spree e-commerce and as a result, an attacker can steal confidential information such as: product costs, price and quantities and users email, encrypted passwords, tokens, OpenID identifier, phone and address as well as orders count and values by period.; tags | advisory, vulnerability; advisories | CVE-2010-3978; SHA-256 | 129fcbe0112190916cc1826e1e039917100d9c116fdf4c0f538a86a5ca357a91; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2010-3978

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems