4151 matches found
CVE-2021-36124
CVE-2021-36124 affects Echo ShareCare 8.15.5. The root cause is missing authentication/authorization checks when accessing a subset of sensitive resources, allowing unauthenticated users to reach pages that are vulnerable to attacks such as SQL injection. The impact, as described, is that access ...
CVE-2021-36124
An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection...
CVE-2021-36123
An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on...
CVE-2021-36123
The CVE concerns Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is vulnerable to local file inclusion when processing remote input in the textFile parameter from an authenticated user. This allows reading arbitrary files on the server filesystem and any files a...
CVE-2021-33578
Echo ShareCare 8.15.5 is affected by CVE-2021-33578 due to an SQL injection vulnerability in processing remote input from both authenticated and unauthenticated users. The vulnerability can allow bypassing authentication, exfiltrating SQL records, and manipulating data. References corroborate the...
CVE-2021-33578
Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data...
Echo ShareCare Security Vulnerability
ShareCare is a clinical and financial software system from Echo Group. A security vulnerability exists in Echo ShareCare version 8.15.5 that stems from the TextReader function in General/TextReader/TextReader.cfm being susceptible to a local file inclusion vulnerability when processing remote inp...
Echo ShareCare Code Issue Vulnerability
ShareCare is a clinical and financial software system from Echo Group. A security vulnerability exists in Echo ShareCare version 8.15.5, which stems from the file upload functionality in "Access/DownloadFeedMnt/FileUploadUpd.cfm" that is susceptible to an unrestricted upload vulnerability via the...
ShareCare SQL Injection Vulnerability
ShareCare is a clinical and financial software system of Echo Group. Echo ShareCare suffers from an SQL injection vulnerability that stems from ShareCare's susceptibility to SQL injection vulnerabilities when processing remote input from arbitrary users...
Exploit for Deserialization of Untrusted Data in Forgerock Access_Management
openam CVE-2021-35464 tomcat command execution with echoed output. The project is based on ysoserial https:/...
CVE-2021-21003
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected...
Code injection
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected...
TrendNet TW100-S4W1CA Cross-Site Scripting Vulnerability
The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site scripting vulnerability exists in TrendNet TW100-S4W1CA version 2.3.32. The vulnerability can be exploited to inject arbitrary JavaScript into the router's web interface via the echo command...
How to Turn Off Amazon Sidewalk
The company is enlisting your Echo and Ring devices into an internet-sharing mesh network starting Monday. It’s not too late to opt out...
Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors
Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt out...
Authorization Bypass
github.com/cilium/cilium is vulnerable to authorization bypass. Under certain conditions, ICMP Echo Request sent to a Cilium endpoint from an actor may bypass a network policy which disallows access from the actor to the endpoint, but allows from the endpoint to the actor...
What is Ping of Death Assault?
Ping of death is a strategy for a DoS (Denial of Service) assault. It is an attack type that targets the ICMP (Internet Control Message Protocol) and the TCP (Transmission Control Protocol), and is quite possibly the most undermining of all ICMP attacks. The ping of death attack is otherwise called a...
GHSA-C66W-HQ56-4Q97 Network policy may be bypassed by some ICMP Echo Requests
Impact: Under certain conditions, ICMP Echo Request sent to a Cilium endpoint from an actor may bypass a network policy which disallows access from the actor to the endpoint, but allows from the endpoint to the actor. This does NOT apply to UDP and TCP traffic. The actor is either a pod or a clust...
Network policy may be bypassed by some ICMP Echo Requests
Impact: Under certain conditions, ICMP Echo Request sent to a Cilium endpoint from an actor may bypass a network policy which disallows access from the actor to the endpoint, but allows from the endpoint to the actor. This does NOT apply to UDP and TCP traffic. The actor is either a pod or a clust...
New Pingback Malware Using ICMP Tunneling to Evade C&C Detection
Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneli...