552 matches found
CVE-2024-22087
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution...
CVE-2018-17878
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf function...
Buffer overflow
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf function...
CVE-2018-17878
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf function...
CVE-2018-17878
CVE-2018-17878 is a buffer overflow vulnerability in ABUS TVIP cameras. The issue arises from using the C sprintf() function on crafted input, enabling an attacker to potentially gain control of the program. The initial CVE description confirms the vulnerability vector and impact as stated, with ...
Buffer Overflow
libzephyr.so is vulnerable to Buffer Overflow. The vulnerability is caused by the insecure use of the sprintf function. If the path parameter is PATHMAX characters long, the sprintf function will write one NULL byte off the stack variable mountpath. When the path parameter is attacker-controlled...
Cross-site Scripting
pimcore/admin-ui-classic-bundle is vulnerable to Cross-site Scripting. The vulnerability is due to sprintf function in functions.js which does not perform any escaping or sanitization of the subst and str value itself. This can lead to Cross-Site Scripting vulnerabilities if the str is later...
CVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” from “%suggest% is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access...
CVE-2023-42817 Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” from “%suggest% is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access...
GHSA-M988-7375-7G2C pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
Impact The translation value with text including “%s” from “%suggest% is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access as the translation permission cannot be scoped to certain...
Pimcore Cross-Site Scripting Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management , e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...
CVE-2023-25123
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25122
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25119
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25119
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25124
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25120
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25117
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25105
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25107
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...