Hi CHIEN YIN,
The first error is caused by the invalid sort parameter in the request. Under normal circumstances this would not occur - the same applies for the second error as well. Throwing an exception when a string is sent as a page parameter is expected. I am also not sure how this behavior qualifies as a vulnerability. The attacker is neither getting unauthorized access nor is degrading the overall performance of the service.
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.