Lucene search
K

49 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2024/09/30 12:0 a.m.313 views

D-Link DIR-820 Router OS Command Injection Vulnerability

D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp...

9.8CVSS7.7AI score0.98053EPSS
In wildExploits1
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-14308 · Trendnet · Trendnet Tew-822Dre

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version 1.03B02 Description: An issue allows a local attacker to execute arbitrary code via the ipv4 ping parameter in the "/boafrm/formSystemCheck" API endpoint. Recommendations: For TRENDnet TEW-822DRE version 1.03B02,...

6.8CVSS7.4AI score0.07319EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.6 views

The vulnerability of the /admin_ping.htm file of the POST Request Handler component in the microprogramming software for Trendnet TEW-822DRE allows a attacker to execute arbitrary commands.

The vulnerability of the /adminping.htm file of the POST Request Handler component in the microprogramming system of the Trendnet TEW-822DRE router lies in the insufficient checking of the ipv4ping/ipv6ping argument passed in the command. Exploiting this vulnerability allows a remote attacker to...

8.3CVSS7.5AI score0.08648EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/01/05 10:15 a.m.2 views

CVE-2023-50991

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service DoS via the pingIp parameter in the pingSet function...

7.5CVSS6AI score0.08844EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/10/24 12:15 a.m.2 views

CVE-2023-46059

Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...

4.8CVSS6.2AI score0.00596EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/10/23 12:0 a.m.15 views

CVE-2023-46059

Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...

5.3AI score0.00596EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/23 12:0 a.m.2 views

Geeklog 跨站脚本漏洞

Geeklog is Geeklog open source an open source software . Can be used as Weblog, CMS or Web Portal. Geeklog v2.2.2 version of the cross-site scripting vulnerability , the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping , a remote attacker...

4.8CVSS6.7AI score0.00596EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/10/23 12:0 a.m.9 views

CVE-2023-46059

Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...

6.3AI score0.00596EPSS
Exploits1References1
OSV
OSV
added 2023/10/23 12:0 a.m.16 views

CVE-2023-46059

Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...

4.8CVSS6.5AI score0.00596EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/10/03 9:15 p.m.5 views

CVE-2023-33272

An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection blind...

9.8CVSS7.3AI score0.02503EPSS
Exploits1References2
Prion
Prion
added 2023/09/20 1:15 p.m.19 views

Command injection

The pingfrom parameter of pingtracerte.cgi in the web UI of Telstra Smart Modem Gen 2 Arcadyan LH1000, firmware versions 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device...

6.5CVSS8.7AI score0.15749EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/03/16 12:0 a.m.45 views

CVE-2023-25280

OS Command injection vulnerability in D-Link DIR820LA1FW105B03 allows attackers to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp...

9.8AI score0.98053EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-2288

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 ping or 2 Traceroute parameters...

7.5CVSS7.8AI score0.83453EPSS
Exploits14References4
VulnCheck KEV
VulnCheck KEV
added 2023/02/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

9.8CVSS7.4AI score0.53752EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2022/10/27 12:0 a.m.10 views

PT-2022-20978 · Gl.Inet · Gl-Inet Gl-Ax1800 Flint +1

Name of the Vulnerable Software and Affected Versions: gl-inet GL-MT300N-V2 Mango version 3.212 gl-inet GL-AX1800 Flint version 3.214 Description: The issue concerns command injection vulnerabilities. These vulnerabilities can be exploited via the ping addr and trace addr function parameters...

6.8CVSS7.1AI score0.15933EPSS
Exploits4References5
ATTACKERKB
ATTACKERKB
added 2022/08/29 11:15 p.m.5 views

CVE-2022-36559

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

9.8CVSS7.3AI score0.01692EPSS
Exploits0References3
OSV
OSV
added 2022/08/29 11:15 p.m.6 views

CVE-2022-36559

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

9.8CVSS5.8AI score0.01692EPSS
Exploits0References2
Prion
Prion
added 2022/08/29 11:15 p.m.37 views

Command injection

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

7.5CVSS9.8AI score0.01692EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/29 10:46 p.m.19 views

CVE-2022-36559

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at pingexec.cgi...

10AI score0.01692EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.5 views

Seiko Solutions SkyBridge MB-A100/A110 命令注入漏洞

The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which is caused by a command injection in the Ping parameter in pingexec.cgi...

9.8CVSS7.4AI score0.01692EPSS
Exploits0References3
Rows per page
Query Builder