11 matches found
The vulnerability of the Babel.Locale function in the library that helps to internationalize and localize Python applications allows attackers to execute arbitrary code.
The vulnerability of the Babel.Locale function in the library for helping with internationalization and localization of Python applications is related to an incorrect restriction on the path to a limited directory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Carbon security vulnerability
Carbon is a DateTime PHP extension to the Carbon open source. A security vulnerability exists in Carbon versions prior to 3.0.0 through 3.8.4 and prior to 2.72.6, which stems from an arbitrary file inclusion vulnerability when passing unfiltered user input to the Carbon::setLocale application,...
Case Insensitive Input Validation
org.springframework, spring-context is vulnerable to Case Insensitive Input Validation. The vulnerability is due to improper handling of case insensitivity in String.toLowerCase, where the fix for making disallowedFields patterns case insensitive inadvertently introduced a risk. This behavior...
SUSE CVE-2016-6294
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
PYSEC-2021-421
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...
nodejs-y18n: prototype pollution vulnerability
A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...
PT-2011-1024 · Icu +3 · International Components For Unicode +3
Name of the Vulnerable Software and Affected Versions: International Components for Unicode ICU versions prior to 49.1 Description: The issue is related to a stack-based buffer overflow in the canonicalize function in common/uloc.c that allows remote attackers to execute arbitrary code via a...
locale_sol.txt
----/ Exploiting the Libc Locale Subsystem Format String Vulnerability on Solaris/SPARC ---/ 10/10/2000 -/ Solar Eclipse ---/ I. Introduction This paper describes in detail the exploitation of the libc locale format string vulnerability on Solaris/SPARC. The full source code for the exploit is...
Solaris 2.67.0 locale - Subsystem Format String
Solaris 2.67.0 locale - Subsystem Format String / source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provi...
RedHat 6 GLIBC/locale - Subsystem Format String
/ source: https://www.securityfocus.com/bid/1634/info Conectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide internationalization support according to t...