PT-2024-40148 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue arises from the failure to properly encode information from external sources. Specifically, the language pack handling in the install tool is susceptible to cross-site...
May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - EXPIRED
May 23, 2024—KB5039705 OS Build 17763.5830 Out-of-band - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ...
VulnCheck KEV: CVE-2022-47945
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...
April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5037040)
April 9, 2024-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 KB5037040 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...
CVE-2024-25982
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...
PT-2024-13706 · Trendnet · Trendnet Tv-Ip1314Pi
Name of the Vulnerable Software and Affected Versions: TRENDnet TV-IP1314PI version 5.5.3 200714 Description: An issue was discovered where command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. Recommendations:...
KB5029375 - Description of the security update for SQL Server 2017 GDR: October 10, 2023
KB5029375 - Description of the security update for SQL Server 2017 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains a...
KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023
KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...
September 12, 2023—KB5030278 (Monthly Rollup)
September 12, 2023—KB5030278 Monthly Rollup REMINDER Windows Server 2012 end of support (EOS) date is October 10, 2023. Extended Security Updates (ESUs) will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs will continue f...
Description of the security update for SharePoint Server 2019 Language Pack: August 8, 2023 (KB5002422)
Description of the security update for SharePoint Server 2019 Language Pack: August 8, 2023 KB5002422 Summary This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and a Microsoft SharePoint Server spoofing vulnerability. To learn more about the...
May 9, 2023—KB5026419 (Monthly Rollup)
May 9, 2023—KB5026419 Monthly Rollup IMPORTANT For Windows Server 2012, the end of support (EOS) date is October 10, 2023. Extended Security Updates (ESUs) will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs will continu...
Security Updates for Microsoft SharePoint Server Subscription Edition Language Pack (February 2023)
The Microsoft SharePoint Server Subscription Edition installation on the remote host is missing a language pack security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
SUSE CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Description of the security update for SharePoint Server Subscription Edition Language Pack: February 14, 2023 (KB5002352)
Description of the security update for SharePoint Server Subscription Edition Language Pack: February 14, 2023 KB5002352 Summary This security update resolves a Microsoft Word remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
GHSA-P4QR-VQ2G-22WP ThinkPHP Framework vulnerable to remote code execution
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...
ThinkPHP Framework vulnerable to remote code execution
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...
CVE-2022-47945
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...
Design/Logic Flaw
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...
CVE-2022-47945
ThinkPHP Framework versions before 6.0.14 are vulnerable to local file inclusion via the lang parameter when lang_switch_on=true. An unauthenticated, remote attacker can exploit this to run arbitrary OS commands (illustrated by including pearcmd.php). Affected component: ThinkPHP language-pack/LF...
CVE-2022-47945
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...