62 matches found
CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...
CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...
CVE-2025-12241 TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...
EUVD-2018-10200
Malware in sbrugna...
VulnCheck KEV: CVE-2022-28906
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg...
CVE-2025-5600
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated...
The vulnerability of the setLanguageCfg() function in TOTOLINK EX200 router microprogramming software allows a intruder to execute arbitrary commands.
The vulnerability of the setLanguageCfg function in TOTOLINK EX200 router microprogramming software lies in the lack of measures taken to clean up data at the control level when processing the langType parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the setLanguageCfg() function in TOTOLINK CP450 router microprogramming software allows a intruder to trigger a service failure.
The vulnerability of the setLanguageCfg function in TOTOLINK CP450 router microprogramming software is related to the issue of the operation exceeding the buffer in memory when processing the langType parameter. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2024-7909
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be...
Aimeos Security Breach
Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. Aimeos has a security vulnerability that stems from improper access control in ai-admin-jsonadm, which allows an attacker to remove the administrator group and language environment configuration from the Aime...
CVE-2024-32345
A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...
PT-2024-24821 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.4.3 Description: A cross-site scripting XSS vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the...
PT-2024-24524 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language...
CVE-2024-31811
TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the langType parameter in the setLanguageCfg function...
TOTOLINK EX200 安全漏洞
TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the failure of...
TOTOLINK N200RE setLanguageCfg function stack buffer overflow vulnerability
The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a stack buffer overflow vulnerability that originates from a stack-based buffer overflow in the lang parameter of the setLanguageCfg function of /cgi-bin/cstecgi.cgi. No...
The vulnerability of the setLanguageCfg() function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the setLanguageCfg function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system is related to the issue of the operation exceeding the buffer boundaries in memory when processing the lang parameter. Exploiting this vulnerability could allow an...
CVE-2024-1003
A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched...
CVE-2023-51020
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi...
TOTOLINK EX1800T 安全漏洞
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T. The vulnerability stems from the failure of the langFlag parameter of the cstecgi .cgi's setLanguageCfg interface to properly filter constructed...