CVE-2026-45279

A flaw was found in Nextcloud Server. This vulnerability allows non-admin users to perform a path traversal when the lang variable is used in the template directory configuration. An attacker can exploit this to copy arbitrary files, subject to existing Unix permissions, into their own Nextcloud...

EUVD-2008-3061

Malware in sbrugna...

EUVD-2008-3060

Malware in sbrugna...

shim: Out-of-bounds read printing error messages

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

shim: Out-of-bounds read printing error messages

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVE-2008-3071

Directory traversal vulnerability in inc/classlanguage.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable...

CVE-2008-3071

Directory traversal vulnerability in inc/classlanguage.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable...

CVE-2008-3070

CVE-2008-3070 affects the MyBB code path in inc/datahandler/user.php for versions before 1.2.13 . The vulnerability is described as an “unspecified vulnerability” with unknown impact and attack vectors related to the $user['language'] variable, probably tied to an SQL injection issue. According t...

CVE-2008-3070

Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user'language' variable, probably related to SQL injection...

PHPress 0.2.0 - 'adisplay.php?lang' Local File Inclusion

:::::::::::::::::::::::::::::::::::::::::::::::::::....................... ::| \ | | \ | | / | ::| | | | | | | | ::| . | |/ / \ | . |/ | ' \ / \ | | | '/ \ \ /\ / / ::| |\ | | | / | |\ | | | | | | | | / | || | | /\ V V / ::|| ||\| || |,|| || ||| || | // :::::::::::::::::::::::::::::We...

IlohaMail Arbitrary File Access via Language Variable

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. OpenVAS Vulnerability Test $Id:...

IlohaMail Arbitrary File Access via Language Variable

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. SPDX-FileCopyrightText: 2004-2005 George A...

CVE-2004-1911

Cross-site scripting XSS vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 l parameter aka language variable to index.php or 2 id parameter to view.php...

IlohaMail index.php init_lang Parameter Arbitrary File Access

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. %NASLMINLEVEL 70300 This script was written by...