CVE-2024-49760 OpenRefine has a path traversal in LoadLanguageCommand

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

CVE-2024-49760

CVE-2024-49760 affects OpenRefine: in versions prior to 3.8.3 the load-language command does not verify the target directory, enabling a path traversal to read other JSON files on the file system. The issue is resolved in 3.8.3. Impact details and exploit information are stated in provided docume...

PT-2023-9950 · Unknown · Kau-Boy Backend Localization Plugin

Name of the Vulnerable Software and Affected Versions: Kau-Boy Backend Localization Plugin versions up to 1.6.1 Description: The issue affects the processing of the file backend localization.php, leading to cross-site scripting. The attack can be initiated remotely. Recommendations: For versions ...

Notepad++: A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file

Summary: A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file, when opening the Shortcut Mapper sub-menu Description: Setting a very long name attribute for specific xml tags in the nativeLang.xml will trigger a stack buffer overflow, due to missin...