Lucene search
+L

62 matches found

RedhatCVE
RedhatCVE
added 2025/12/10 5:17 p.m.9 views

CVE-2025-63739

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

4.3CVSS6.8AI score0.00212EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/09 12:0 a.m.3 views

CVE-2025-63739

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

6.4AI score0.00212EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/27 7:2 a.m.19 views

CVE-2025-12241 TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...

9CVSS0.00927EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-10200

Malware in sbrugna...

10CVSS8.5AI score0.30284EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/07/13 12:0 a.m.9 views

VulnCheck KEV: CVE-2022-28906

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg...

10CVSS5.8AI score0.02492EPSS
In wildExploits1References4
OSV
OSV
added 2025/06/04 6:15 p.m.6 views

CVE-2025-5600

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated...

9.3CVSS6.4AI score0.00995EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2025/03/25 12:0 a.m.6 views

The vulnerability of the setLanguageCfg() function in TOTOLINK EX200 router microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the setLanguageCfg function in TOTOLINK EX200 router microprogramming software lies in the lack of measures taken to clean up data at the control level when processing the langType parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8CVSS5.9AI score0.00975EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/25 12:0 a.m.6 views

The vulnerability of the setLanguageCfg() function in TOTOLINK CP450 router microprogramming software allows a intruder to trigger a service failure.

The vulnerability of the setLanguageCfg function in TOTOLINK CP450 router microprogramming software is related to the issue of the operation exceeding the buffer in memory when processing the langType parameter. Exploiting this vulnerability can allow a malicious actor to cause service failures...

5.5CVSS5.7AI score0.00586EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/08/18 6:15 p.m.9 views

CVE-2024-7909

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be...

9.8CVSS6.3AI score0.01475EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.6 views

Aimeos Security Breach

Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. Aimeos has a security vulnerability that stems from improper access control in ai-admin-jsonadm, which allows an attacker to remove the administrator group and language environment configuration from the Aime...

5.5CVSS6.8AI score0.00481EPSS
Exploits0References7
OSV
OSV
added 2024/04/17 9:15 p.m.4 views

CVE-2024-32345

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...

7.2CVSS5.9AI score0.00456EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.7 views

PT-2024-24821 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the...

5.5CVSS6AI score0.00402EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.6 views

PT-2024-24524 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language...

7.2CVSS6AI score0.00456EPSS
Exploits1References7
OSV
OSV
added 2024/04/08 1:15 p.m.3 views

CVE-2024-31811

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the langType parameter in the setLanguageCfg function...

8CVSS6.3AI score0.00975EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.5 views

TOTOLINK EX200 安全漏洞

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the failure of...

8CVSS8.1AI score0.00975EPSS
Exploits1References2
CNVD
CNVD
added 2024/01/30 12:0 a.m.5 views

TOTOLINK N200RE setLanguageCfg function stack buffer overflow vulnerability

The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a stack buffer overflow vulnerability that originates from a stack-based buffer overflow in the lang parameter of the setLanguageCfg function of /cgi-bin/cstecgi.cgi. No...

8.8CVSS7.5AI score0.0125EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/01/30 12:0 a.m.4 views

The vulnerability of the setLanguageCfg() function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the setLanguageCfg function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system is related to the issue of the operation exceeding the buffer boundaries in memory when processing the lang parameter. Exploiting this vulnerability could allow an...

9CVSS7.4AI score0.0125EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/01/29 3:15 p.m.4 views

CVE-2024-1003

A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched...

8.8CVSS7.5AI score0.0125EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/12/22 7:15 p.m.2 views

CVE-2023-51020

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi...

9.8CVSS6.1AI score0.0097EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.6 views

TOTOLINK EX1800T 安全漏洞

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T. The vulnerability stems from the failure of the langFlag parameter of the cstecgi .cgi's setLanguageCfg interface to properly filter constructed...

9.8CVSS7.8AI score0.0097EPSS
Exploits1References2
Rows per page
Query Builder