rgui-3.4.4-seh-bof-exploit

Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

CVE-2018-25258

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based...

PT-2026-32178

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based...

EUVD-2019-20048

R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...

CVE-2025-8536 SQL Injection in DobryCMS

A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software...

EUVD-2008-0740

Malware in sbrugna...

jettison: memory exhaustion via user-supplied XML or JSON data

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...

RHUB TurboMeeting 安全漏洞

RHUB TurboMeeting is a collaboration solution from RHUB Corp. It provides web conferencing, remote support, audio conferencing, video conferencing, remote access, and webinar support. A security vulnerability exists in RHUB TurboMeeting versions prior to 8.X. The vulnerability is caused by a remo...

TOTOLINK LR1200GB setLanguageCfg function buffer overflow vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability that originates from the lang parameter of the setLanguageCfg function of the...

CVE-2024-23751

LlamaIndex aka llamaindex through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...

Keyboard layout sync failures due to Microsoft API limitation

Symptom 1: In a Windows Server VDA session the keyboard layout might not sync with the client keyboard layout when launching session with the "Sync only once - when the session launches" in the Citrix Workspace App Windows/Linux/Mac keyboard setting. Symptom 2: In a Windows 10/11, Windows Server...

PT-2023-4055 · Mysql Server +7 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.33 and prior Description: The issue is related to errors in processing input data in the MySQL Server product, specifically in the Server: DDL component. This can be exploited by a high-privileged attacker with netwo...

CVE-2020-10629

WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...

ISPConfig < 3.1.13 - Remote Command Execution

Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...

ISPConfig 3.1.13 - Remote Command Execution

ISPConfig 3.1.13 - Remote Command Execution Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match...

Design/Logic Flaw

The 1 Simplified Chinese, 2 Traditional Chinese, 3 Korean, and 4 Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under a .iiim/le and b .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of...

CVE-2008-0730

The 1 Simplified Chinese, 2 Traditional Chinese, 3 Korean, and 4 Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under a .iiim/le and b .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of...

CVE-2008-0730

Solaris 10 is affected by CVE-2008-0730 via the locale input methods for Simplified Chinese, Traditional Chinese, Korean, and Thai. The vulnerable components create files/directories with weak permissions under .iiim/le and .Xlocale in user home directories, potentially allowing local users to re...

CVE-2008-0730

The 1 Simplified Chinese, 2 Traditional Chinese, 3 Korean, and 4 Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under a .iiim/le and b .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of...