2679 matches found
PT-2026-35206
A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may...
Command-Injection
📄 Write-up : Command Injection - Filter Bypass Root-Me Challe...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
EUVD-2026-24503
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
PT-2026-34192
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The...
CVE-2026-38834
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
Tenda W30E 安全漏洞
The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version has a security vulnerability. This vulnerability stems from the improper validation of the hostName parameter in the dopingaction function, which may lead to command injection attacks...
Comfast CF-N1-S 注入漏洞
The Comfast CF-N1-S is a wireless network adapter device developed by Comfast Corporation. Version 2.6.0.1 of the Comfast CF-N1-S contains a vulnerability caused by incorrect handling of the Endpoint component parameter “destination” in the file /cgi-bin/mbox-config?method=SET§ion=pingconfig. Thi...
PT-2026-34016
🚨CVE CVE-2026-38834 Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do ping action function via the hostName parameter. This vulnerability allow… https://t.co/tKrNtNWoPC ----- Traducción: Se encontró que CV… https://t.co/utmtNgl3sv...
D-Link DI-8003 and DI-8003G Buffer Overflow Vulnerability
The D-Link DI-8003 and DI-8003G are both wireless routers from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003 and DI-8003G. The vulnerability is caused due to incorrect boundary checking in the wanping.asp script and can be exploited by an attacker to cause a...
GHSA-5HVV-M4W4-GF6V OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: - OAuth2 Proxy is used with an authrequest-style integration for example, nginx authrequest - --ping-user-agent is set or --gcp-healthchecks is enabled In...
PT-2026-32955
Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...
CVE-2025-50669
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...
📄 D-Link DIR-650IN Command Injection
Proof of concept details for an authenticated command injection vulnerability in D-Link DIR-650IN. Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link:...
D-Link DIR-650IN - Authenticated Command Injection
Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=T082aVdUWUFNR2FRblBBQUxMWlVTZz09 Version: Firmware V1.04 REQUIRED Tested on:...
EUVD-2025-209359
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...
CVE-2025-50669
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...
EUVD-2025-209288
An insufficient granularity of access control vulnerability exists in PingIDM formerly ForgeRock Identity Management where administrators cannot properly configure access rules for Remote Connector Servers RCS running in client mode. This means attackers can spoof a client-mode RCS if one exists ...