55 matches found
CVE-2026-9386 Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...
PT-2026-36750
A weakness has been identified in Totolink WA300 5.2cu.7112 B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack...
CVE-2026-5676
A vulnerability was identified in Totolink A8000R 5.9c.681B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available...
EUVD-2026-19434
A vulnerability was identified in Totolink A8000R 5.9c.681B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available...
CVE-2026-2084
A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...
CVE-2026-2084
A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...
CVE-2026-2084 D-Link DIR-823X set_language os command injection
A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...
CVE-2026-2084
CVE-2026-2084 affects D-Link DIR-823X (version 250416). A vulnerability in /goform/set_language arises from manipulating the langSelection argument, enabling OS command injection. Attack can be launched remotely and exploits are publicly available. Red Hat/NVD entries confirm the same details; PT...
EUVD-2026-5729
A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...
PT-2026-6902
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A weakness exists in D-Link DIR-823X version 250416. A manipulation of the langSelection argument in the file /goform/set language can lead to os command injection. The attack can be launched remotely...
D-Link DIR-823X 操作系统命令注入漏洞
The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “langSelection” in the file “goform/setlanguage”, which...
CVE-2025-12241
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...
CVE-2025-12241 TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...
CVE-2025-12241 TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow
A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...
PT-2025-43897
Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description A flaw exists in TOTOLINK A3300R that allows for remote attacks. The issue is a stack-based buffer overflow within the setLanguageCfg function located in the /cgi-bin/cstecgi.cgi file,...
CVE-2025-11297 Belkin F9K1015 formSetLanguage buffer overflow
A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing a manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public an...
BIT-DJANGO-2025-27556
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.setlanguage are subject to a potential denial-of-service attack v...
Linux Distros Unpatched Vulnerability : CVE-2020-35450
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain setlanguage calls. CVE-2020-35450 Note that Nessus relies on the presence of the...
GHSA-WQFG-M96J-85VM Django Potential Denial of Service (DoS) on Windows
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.setlanguage are subject to a potential denial-of-service attack v...
Allocation of Resources Without Limits or Throttling
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView...