CVE-2023-37569 OS Command Injection Vulnerability in Emagic Data Center Management Suite
This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker ...
ESDS Emagic Data Center Management Suit Operating System Command Injection Vulnerability
ESDS Emagic Data Center Management Suit is an all-in-one virtual data center suite from ESDS, Inc. An operating system command injection vulnerability exists in ESDS Emagic Data Center Management Suit v6.0 and prior versions, which stems from a lack of input cleanup in the Ping component, and can...
PT-2023-26027 · Esds · Esds Emagic Data Center Management Suit
Name of the Vulnerable Software and Affected Versions: ESDS Emagic Data Center Management Suit affected versions not specified Description: The issue is caused by a lack of input sanitization in the Ping component of the ESDS Emagic Data Center Management Suit. A remote authenticated attacker cou...
Moxa AWK-3131A Web Application Ping Command Injection (CVE-2016-8721)
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...
Moxa EDR 810 Series Improper Input Validation (CVE-2019-10969)
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. This plugin only works with Tenable.ot. Please visit...
Moxa NPort W2x50A Authenticated OS Command Injection in Web Server Ping Functionality (CVE-2018-19659)
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build18082311. A specially crafted HTTP POST request to /goform/netWebPingGetValue can result in running OS commands as the root user. This is...
PT-2023-4340 · Adtran · Adtran Sr400Ac
Name of the Vulnerable Software and Affected Versions: Adtran SR400ac affected versions not specified Description: The issue is related to the lack of input validation in the SmartOS WiFi router Adtran SR400ac, allowing remote attackers to execute arbitrary code in the context of the root user. T...
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ping command, whi...
WordPress Mass Ping Tool for SEO – Wordpress ping list to get indexed faster on Google, Yandex, … Plugin < 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Mass Ping Tool for SEO – Wordpress ping list to get indexed faster on Google, Yandex, …; Type: Plugin; Vulnerable versions: 1.0.3; Fixed in: 1.0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer...
PT-2023-5482 · Advantech · Eki-1522 +2
Name of the Vulnerable Software and Affected Versions: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 Description: The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the ping tool of the web-interface. Th...
CVE-2023-3606
A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2023-3606 TamronOS ping os command injection
A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
PT-2023-25418 · Tamronos · Tamronos
Name of the Vulnerable Software and Affected Versions: TamronOS versions up to 20230703 Description: A critical issue has been found, affecting an unknown part of the file "/api/ping". The manipulation of the host argument leads to os command injection, allowing remote attacks. The issue has been...
CVE-2023-24519
Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is i...
Command injection
Two OS command injection vulnerabilities exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is i...
CVE-2023-24519
Milesight UR32L (v32.3.0.5) contains OS command injection vulnerabilities in the vtysh_ubus toolsh_excute.constprop.1 function, affecting the router’s HTTP/UBUS interfaces. Talos identifies two CVEs (CVE-2023-24519, CVE-2023-24520) linked to pre-authentication, stack-based command execution via p...
PT-2023-19666 · Milesight · Milesight Ur32L
Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: A command injection issue exists in the vtysh_ubus tool's toolsh_excute.constprop.1 functionality, specifically within the ping tool utility. This allows an attacker to execute commands by sending...
Malicious code in figma-ping (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebe1815dd250b41e64f2909a2e5146f9cd629767dda41d0a8b14058b18463501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-440 Malicious code in figma-ping (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebe1815dd250b41e64f2909a2e5146f9cd629767dda41d0a8b14058b18463501 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...