35 matches found
CVE-2024-22116 Remote code execution within ping script
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user to execute arbitrary code via the Ping script, thereby compromising infrastructure...
CVE-2024-22116
CVE-2024-22116 affects Zabbix: an administrator with restricted permissions can abuse the Script Execution feature in the Monitoring Hosts section by exploiting the Ping script’s parameters, due to missing default escaping. This leads to arbitrary code execution and infrastructure compromise. Pub...
PT-2024-5538 · Zabbix +3 · Zabbix +3
Name of the Vulnerable Software and Affected Versions: Zabbix versions 6.4.0 through 6.4.15; Zabbix versions 7.0.0alpha1 through 7.0.0rc2. Description: The issue is related to the lack of default escaping for script parameters in the Monitoring Hosts section of Zabbix, allowing an administrator wit...
VulnCheck KEV: CVE-2021-21805
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...
Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability
Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision China. An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...
CVE-2023-46055
An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint...
PT-2023-29814 · Unknown · Thingnario Photon
Name of the Vulnerable Software and Affected Versions: ThingNario Photon version 1.0. Description: An issue in the software allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function at the "thingnario Logger Maintenance Webpage" endpoint...
CVE-2021-3149
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manualping.cgi allows OS command injection after authentication by the attacker because the system C library function is used unsafely...
CVE-2020-9026
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected...
D-Link DSL-2640U and DSL-2540U Remote Code Execution Vulnerability
The D-Link DSL-2640U and DSL-2540U are both router products from AUO D-Link. A remote code execution vulnerability exists in the diagping.cmd file in D-Link DSL-2640U devices with firmware versions IM1.00 and ME1.00 and DSL-2540U devices with firmware version ME1.00. A remote attacker can exploit...
The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router allows a hacker to execute arbitrary commands.
The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the “DIAIPADDRESS” parameter, by...
Russcom Ping Remote code execution
Russcom Ping Remote code execution. Discovered by: Nomenumbra. Date: 21/5/2006. Impact: high. Remote code execution. Russcom's Ping script allows attackers to execute arbitrary code through command piping after the ip, e.g. 127.0.0.1 | nc -l -p 666 -e /bin/sh would grant a bindshell. Nomenumbra...
kapda-23.txt
KAPDA::23 - The WorldsEnd.NET - Free Ping Script, written in PHP 2 vulns KAPDA New advisory Vulnerable products : The WorldsEnd.NET - Free Ping Script Vendor: http://www.theworldsend.net/ Risk: Low Vulnerabilities: Restriction Bypass Date : -------------------- Found : Aug 2005 Vendor Contacted :...