729 matches found

CNNVD
added 2022/04/01 12:0 a.m. | 4 views

Intelligent Power Protector Cross-Site Scripting Vulnerability

Intelligent Power Protector is an Intelligent Power Program. A security vulnerability exists in Intelligent Power Protector versions prior to 1.69 that stems from insufficient validation of certain resource inputs by the IPP software. An attacker could exploit this vulnerability to access the loca...

CVSS 5.6 | AI score 5.3 | EPSS 0.00277
Exploits 0 | References 2
OSV
added 2022/02/15 1:57 a.m. | 25 views

GHSA-F9FQ-VJVH-779P Improper Input Validation in vault-ssh-helper

HashiCorp vault-ssh-helper github.com/hashicorp/vault-ssh-helper/helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...

CVSS 7.5 | AI score 7.4 | EPSS 0.01036
Exploits 0 | References 4
GithubExploit
added 2022/02/15 12:0 a.m. | 647 views

Exploit for SQL Injection in Phpipam

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin u...

CVSS 7.2 | AI score 7 | EPSS 0.25243
Exploits 7
BDU FSTEC
added 2022/02/07 12:0 a.m. | 6 views

A vulnerability in app/admin/routing/edit-bgp-mapping-search.php of the phpipam web application for managing IP addresses allows an attacker to execute arbitrary SQL queries.

The vulnerability in app/admin/routing/edit-bgp-mapping-search.php of the phpipam web application for managing IP addresses lies in the lack of measures taken to protect the SQL query structure when processing the “subnet” parameter. Exploiting this vulnerability allows a malicious actor to execu...

CVSS 8.5 | AI score 7.5 | EPSS 0.25243
Exploits 7 | References 5 | Affected Software 1
GithubExploit
added 2022/01/22 1:35 p.m. | 1513 views

Exploit for SQL Injection in Phpipam

CVE-2022-23046 The original discovery and manual PoC is from...

CVSS 7.2 | AI score 7.1 | EPSS 0.25243
Exploits 7
ATTACKERKB
added 2022/01/19 9:15 p.m. | 5 views

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVSS 7.2 | AI score 5.8 | EPSS 0.25243
Exploits 7 | References 4
OSV
added 2022/01/19 9:15 p.m. | 23 views

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVSS 7.2 | AI score 7.1
Exploits 0 | References 3
Prion
added 2022/01/19 9:15 p.m. | 17 views

Code injection

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVSS 6.5 | AI score 6.9 | EPSS 0.25243
Exploits 7 | References 3 | Affected Software 1
CVE
added 2022/01/19 8:38 p.m. | 149 views

CVE-2022-23046

CVE-2022-23046: PhpIPAM v1.4.4 enables an authenticated admin to inject SQL via the subnet parameter when searching in app/admin/routing/edit-bgp-mapping-search.php. Root cause is SQL injection reachable through the subnet field with authenticated access, potentially exposing database informatio...

CVSS 7.2 | AI score 6.9 | EPSS 0.25243
Exploits 7 | References 3 | Affected Software 1
Cvelist
added 2022/01/19 8:38 p.m. | 52 views

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

AI score 7.2 | EPSS 0.25243
Exploits 7 | References 3
Cvelist
added 2022/01/19 8:38 p.m. | 18 views

CVE-2021-23842 Use of Hard-coded Cryptographic Key

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...

CVSS 5.7 | AI score 7 | EPSS 0.00144
Exploits 0 | References 1
CNNVD
added 2022/01/19 12:0 a.m. | 16 views

phpIPAM SQL Injection Vulnerability

phpIPAM is an open-source, PHP- and MySQL-based IP address management (IPAM) application. A SQL injection vulnerability exists in PhpIPAM v1.4.4, which originates from an authenticated administrator user being able to insert SQL statements in the subnet parameter when searching for subnets via...

CVSS 7.2 | AI score 7.3 | EPSS 0.25243
Exploits 7 | References 7
Citrix
added 2021/12/22 12:0 a.m. | 7 views

VPN Plugin replacing destination IP with 0.0.0.0 for the 172.16.0.0/16 subnet - Spoofed IP to original IP.

ADC - While using VPN Plugin to access intranet resources, addresses for the subnet 172.16.0.0/16 are replaced by a spoofed IP with a message similar to this: "Replaced the spoofed ip 172.16.10.10to original IP 0.0.0.0 in ICMP packet", and the traffic never reaches the destination...

AI score 7
Exploits 0
NVD
added 2021/11/12 10:15 p.m. | 26 views

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

CVSS 6.5 | EPSS 0.00407
Exploits 0 | References 1
OSV
added 2021/11/12 10:15 p.m. | 5 views

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

CVSS 6.5 | AI score 5.8 | EPSS 0.00407
Exploits 0 | References 1
Prion
added 2021/11/12 10:15 p.m. | 14 views

Information disclosure

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

CVSS 3.3 | AI score 6.2 | EPSS 0.00407
Exploits 0 | References 1 | Affected Software 4
Cvelist
added 2021/11/12 10:5 p.m. | 23 views

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

CVSS 6.5 | AI score 6.5 | EPSS 0.00407
Exploits 0 | References 1
CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 21 views

Fortinet FortiOS Default Configuration Vulnerability

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server...

CVSS 6.5 | AI score 7.7 | EPSS 0.18566
In wild | Exploits 1
OSV
added 2021/10/19 7:15 p.m. | 4 views

CVE-2021-31371

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress a QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the...

CVSS 5.3 | AI score 6.1
Exploits 0 | References 1
Prion
added 2021/10/19 7:15 p.m. | 15 views

Information disclosure

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress a QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the...

CVSS 5 | AI score 5.1 | EPSS 0.00815
Exploits 0 | References 1 | Affected Software 1