352 matches found

Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-40148 · Packagist · Typo3/Cms-Core

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue arises from the failure to properly encode information from external sources. Specifically, the language pack handling in the install tool is susceptible to cross-site...

CVSS 6.1 · AI score 6.6
Exploits 0 · References 4

Microsoft KB
added 2024/05/23 12:0 a.m. · 124 views

May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - EXPIRED

May 23, 2024—KB5039705 OS Build 17763.5830 Out-of-band - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows...

AI score 5.9
Exploits 0

VulnCheck KEV
added 2024/04/11 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVSS 9.8 · AI score 7.4 · EPSS 0.15505
Exploits 2 · References 1

Microsoft KB
added 2024/04/09 7:0 a.m. · 62 views

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5037040)

April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 KB5037040 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...

CVSS 7.3 · AI score 7.7 · EPSS 0.02513
Exploits 0

OSV
added 2024/02/19 5:15 p.m. · 6 views

CVE-2024-25982

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...

CVSS 8.8 · AI score 8.6
Exploits 0 · References 4

Positive Technologies
added 2024/01/09 12:0 a.m. · 5 views

PT-2024-13706 · Trendnet · Trendnet Tv-Ip1314Pi

Name of the Vulnerable Software and Affected Versions: TRENDnet TV-IP1314PI version 5.5.3 200714 Description: An issue was discovered where command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. Recommendations:...

CVSS 9.8 · AI score 9.8 · EPSS 0.18596
Exploits 1 · References 7

Microsoft KB
added 2023/10/10 7:0 a.m. · 159 views

KB5029375 - Description of the security update for SQL Server 2017 GDR: October 10, 2023

KB5029375 - Description of the security update for SQL Server 2017 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains a...

CVSS 5.5 · AI score 6.8 · EPSS 0.00851
Exploits 0

Microsoft KB
added 2023/10/10 7:0 a.m. · 207 views

KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023

KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

CVSS 5.5 · AI score 6.8 · EPSS 0.00851
Exploits 0

Microsoft KB
added 2023/09/12 7:0 a.m. · 70 views

September 12, 2023—KB5030278 (Monthly Rollup)

September 12, 2023—KB5030278 Monthly Rollup REMINDER Windows Server 2012 end of support EOS date is October 10, 2023. Extended Security Updates ESUs will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs will continue f...

CVSS 7.8 · AI score 6.9 · EPSS 0.24014
Exploits 0

Microsoft KB
added 2023/08/08 7:0 a.m. · 40 views

Description of the security update for SharePoint Server 2019 Language Pack: August 8, 2023 (KB5002422)

Description of the security update for SharePoint Server 2019 Language Pack: August 8, 2023 KB5002422 Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and a Microsoft SharePoint Server spoofing vulnerability. To learn more about the...

CVSS 8 · AI score 7.2 · EPSS 0.02153
Exploits 0

Microsoft KB
added 2023/05/09 7:0 a.m. · 187 views

May 9, 2023—KB5026419 (Monthly Rollup)

May 9, 2023—KB5026419 Monthly Rollup IMPORTANT For Windows Server 2012, the end of support EOS date is October 10, 2023. Extended Security Updates ESUs will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs will continu...

CVSS 9.8 · AI score 7.4 · EPSS 0.94683
Exploits 3

Tenable Nessus
added 2023/02/17 12:0 a.m. · 37 views

Security Updates for Microsoft SharePoint Server Subscription Edition Language Pack (February 2023)

The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing language pack security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

CVSS 9.8 · AI score 9.3 · EPSS 0.82302
Exploits 11 · References 2

SUSE CVE
added 2023/02/15 4:14 a.m. · 3 views

SUSE CVE-2019-9811

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVSS 7.5 · AI score 8.6 · EPSS 0.02574
Exploits 1 · References 24

Microsoft KB
added 2023/02/14 8:0 a.m. · 77 views

Description of the security update for SharePoint Server Subscription Edition Language Pack: February 14, 2023 (KB5002352)

Description of the security update for SharePoint Server Subscription Edition Language Pack: February 14, 2023 KB5002352 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...

CVSS 9.8 · AI score 9.8 · EPSS 0.82302
Exploits 11

OSV
added 2022/12/23 9:30 p.m. · 47 views

GHSA-P4QR-VQ2G-22WP ThinkPHP Framework vulnerable to remote code execution

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVSS 9.8 · AI score 9.5 · EPSS 0.15505
Exploits 2 · References 5

GitHub Security Blog
added 2022/12/23 9:30 p.m. · 56 views

ThinkPHP Framework vulnerable to remote code execution

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVSS 9.8 · AI score 9.3 · EPSS 0.15505
Exploits 2 · References 5 · Affected Software 1

OSV
added 2022/12/23 9:15 p.m. · 28 views

CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVSS 9.8 · AI score 9.6
Exploits 0 · References 3

Prion
added 2022/12/23 9:15 p.m. · 31 views

Design/Logic Flaw

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVSS 7.5 · AI score 9.5 · EPSS 0.15505
Exploits 2 · References 3 · Affected Software 1

CVE
added 2022/12/23 12:0 a.m. · 473 views

CVE-2022-47945

ThinkPHP Framework versions before 6.0.14 are vulnerable to local file inclusion via the lang parameter when lang_switch_on=true. An unauthenticated, remote attacker can exploit this to run arbitrary OS commands (illustrated by including pearcmd.php). Affected component: ThinkPHP language-pack/LF...

CVSS 9.8 · AI score 9.4 · EPSS 0.15505
In wild · Exploits 2 · References 3 · Affected Software 1

Cvelist
added 2022/12/23 12:0 a.m. · 26 views

CVE-2022-47945

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

AI score 9.7 · EPSS 0.15505
Exploits 2 · References 3