2204 matches found
Buffer overflow
Espruino before 1.99 allows attackers to cause a denial of service application crash and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused...
CVE-2018-11593
Espruino before 1.99 allows attackers to cause a denial of service application crash and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c...
CVE-2018-11594
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c...
CVE-2018-11591
Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...
CVE-2018-11592
Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrapgraphics.c...
CVE-2018-11597
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '' characters in jsparse.c...
CVE-2018-11596
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c...
CVE-2018-11590
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c...
CVE-2018-11594
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c...
CVE-2018-11595
Espruino before 1.99 allows attackers to cause a denial of service application crash and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused...
CVE-2018-11598
Espruino before 1.99 allows attackers to cause a denial of service application crash and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c...
CVE-2018-11597
Summary: CVE-2018-11597 affects Espruino versions before 1.99. A vulnerability in jsparse.c allows a crafted input file with many '{' characters to trigger a Buffer Overflow during syntax parsing, causing an application crash (DoS). Root cause: missing check for stack exhaustion. Exploitation con...
CVE-2018-11591
Espruino before version 1.98 is affected by a denial-of-service vulnerability caused by a NULL pointer dereference during syntax parsing when processing a crafted input file. Multiple connected sources confirm that the issue exists in Espruino 1.97 and earlier, and it was mitigated by adding vali...
CVE-2018-11592
CVE-2018-11592 affects Espruino before version 1.98. The vulnerability arises from an out-of-bounds read during syntax parsing due to missing height validation in libs/graphics/jswrap_graphics.c, which can be triggered by a specially crafted input file and leads to an application crash (Denial of...
CVE-2018-11590
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c...
CVE-2018-11591
Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...
Auto Car 1.2 Cross Site Scripting / SQL Injection
Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2 Tested on: Win 10 POC 1: SQLi: Parameter: cartitle Type:...
Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting
Auto Car 1.2 - cartitle SQL Injection Cross-Site Scripting Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2...
NodAPS 4.0 - SQL injection Cross-Site Request Forgery
NodAPS 4.0 - SQL injection Cross-Site Request Forgery Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...
ncurses denial of service vulnerability (CNVD-2018-09192)
ncurses is a character terminal processing library , it can provide a series of functions for the user to call and generate text-based user interface . A security vulnerability exists in the 'ncparseentry' function in the tinfo/parseentry.c file in versions of ncurses prior to 6.1.20180414. A...