49 matches found
D-Link DIR-820 Router OS Command Injection Vulnerability
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp...
PT-2024-14308 · Trendnet · Trendnet Tew-822Dre
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version 1.03B02 Description: An issue allows a local attacker to execute arbitrary code via the ipv4 ping parameter in the "/boafrm/formSystemCheck" API endpoint. Recommendations: For TRENDnet TEW-822DRE version 1.03B02,...
The vulnerability of the /admin_ping.htm file of the POST Request Handler component in the microprogramming software for Trendnet TEW-822DRE allows a attacker to execute arbitrary commands.
The vulnerability of the /adminping.htm file of the POST Request Handler component in the microprogramming system of the Trendnet TEW-822DRE router lies in the insufficient checking of the ipv4ping/ipv6ping argument passed in the command. Exploiting this vulnerability allows a remote attacker to...
CVE-2023-50991
Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service DoS via the pingIp parameter in the pingSet function...
CVE-2023-46059
Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...
CVE-2023-46059
Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...
Geeklog 跨站脚本漏洞
Geeklog is Geeklog open source an open source software . Can be used as Weblog, CMS or Web Portal. Geeklog v2.2.2 version of the cross-site scripting vulnerability , the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping , a remote attacker...
CVE-2023-46059
Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...
CVE-2023-46059
Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...
CVE-2023-33272
An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection blind...
Command injection
The pingfrom parameter of pingtracerte.cgi in the web UI of Telstra Smart Modem Gen 2 Arcadyan LH1000, firmware versions 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device...
CVE-2023-25280
OS Command injection vulnerability in D-Link DIR820LA1FW105B03 allows attackers to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp...
SUSE CVE-2009-2288
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 ping or 2 Traceroute parameters...
VulnCheck KEV: CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
PT-2022-20978 · Gl.Inet · Gl-Inet Gl-Ax1800 Flint +1
Name of the Vulnerable Software and Affected Versions: gl-inet GL-MT300N-V2 Mango version 3.212 gl-inet GL-AX1800 Flint version 3.214 Description: The issue concerns command injection vulnerabilities. These vulnerabilities can be exploited via the ping addr and trace addr function parameters...
CVE-2022-36559
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...
CVE-2022-36559
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...
Command injection
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...
CVE-2022-36559
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...
Seiko Solutions SkyBridge MB-A100/A110 命令注入漏洞
The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which is caused by a command injection in the Ping parameter in pingexec.cgi...