Exploit for Improper Authentication in Influxdata Influxdb

LAB 5-CVE-2019-20933 I. SYSTEM ANALYSIS Identify...

CVE-2025-50669

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...

CVE-2025-50669

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...

CVE-2025-50669

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...

CVE-2025-50669

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wanping parameter in the /wanping.asp endpoint...

CVE-2025-50669

The CVE-2025-50669 entry affects D-Link DI-8003 (16.07.26A1) and DI-8003G (19.12.10A1). Root cause: improper handling of the wan_ping parameter in /wan_ping.asp leading to a buffer overflow. Documented impact is a vulnerability in these devices; no exploitation details are provided in the connect...

PT-2026-31401

Name of the Vulnerable Software and Affected Versions D-Link DI-8003 version 16.07.26A1 D-Link DI-8003G version 19.12.10A1 Description A buffer overflow exists due to improper handling of the wan ping parameter in the /wan ping.asp API endpoint. Recommendations Update D-Link DI-8003 to a version...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the GET /api/badge/:id/ping/:duration? endpoint, which fails to verify if the requested monitor belongs to a public group. An attacker can access average ping and response time data for private monitors by...

CVE-2026-2909

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

CVE-2026-2909

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

CVE-2026-2909 Tenda HG9 Diagnostic Ping Endpoint formPing stack-based overflow

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

CVE-2026-2909 Tenda HG9 Diagnostic Ping Endpoint formPing stack-based overflow

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

CVE-2026-2909

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

Tenda HG9 安全漏洞

The Tenda HG9 is a WiFi router produced by the Chinese company Tenda. The Tenda HG9 300001138 version has a security vulnerability. This vulnerability stems from incorrect handling of the parameter “pingAddr” in the file/boaform/formPing of the Diagnostic Ping Endpoint component, which may lead t...

CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping

Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...

Exploit for OS Command Injection in Amttgroup Hibos

CVE-2016-15048 Test Environment This directory contains a vul...

CVE-2025-63213

The QVidium Opera11 device firmware version 2.9.0-Ax4x-opera11 is vulnerable to Remote Code Execution RCE due to improper input validation on the /cgi-bin/netping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inje...

QVidium Opera11 安全漏洞

QVidium Opera11 is a broadcast codec device from QVidium Corporation, USA. A security vulnerability exists in QVidium Opera11 version 2.9.0-Ax4x-opera11, which originates from improper validation of /cgi-bin/netping.cgi endpoint inputs and could lead to remote code execution...

CVE-2025-63213

The CVE-2025-63213 issue affects QVidium Opera11 firmware 2.9.0-Ax4x-opera11. The vulnerability is an RCE caused by improper input validation on /cgi-bin/net_ping.cgi, allowing a crafted GET request to inject commands that execute with root privileges. Impact is full device control as described i...

PT-2025-47525

Name of the Vulnerable Software and Affected Versions QVidium Opera11 firmware version 2.9.0-Ax4x-opera11 Description The QVidium Opera11 device is susceptible to Remote Code Execution RCE because of inadequate input validation. An attacker can exploit this by sending a crafted GET request to the...