2576 matches found
PT-2022-8676 · Optilink · Optilink Op-Xt71000N
Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N version 2.2 Description: The issue is related to Remote Code Execution. It occurs when an attacker sends arbitrary code to the "/diag ping admin.asp" API endpoint, specifically to the "PingTest" interface, leading to...
Optilink Network OP-XT71000N 命令注入漏洞
The Optilink Network OP-XT71000N is a wireless router from Optilink Network India. The Optilink Network OP-XT71000N version V2.2 suffers from a command injection vulnerability that can be exploited remotely when an attacker sends arbitrary code that results in a COMMAND EXECUTION to the "PingTest...
CVE-2022-36784 Elsight – Elsight Halo Remote Code Execution (RCE)
Elsight – Elsight Halo Remote Code Execution RCE Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution...
Elsight Halo 安全漏洞
Elsight Halo is the drone operations management of Elsight, Inc. Elsight Halo suffers from a security vulnerability that stems from the fact that accessing the /api/v1/nics/wifi/wlan0/ping page via a POST request can be used to remotely execute code using the DESTINATION parameter...
PT-2022-23623 · Elfsight · Elsight Halo
Name of the Vulnerable Software and Affected Versions: Elsight Halo affected versions not specified Description: The Elsight Halo web panel allows connection validation through a POST request to /api/v1/nics/wifi/wlan0/ping, which can be exploited by abusing the DESTINATION parameter to achieve...
Researchers Say China State-backed Hackers Breached a Digital Certificate Authority
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group...
Zoho ManageEngine Command Injection (CVE-2021-43319)
A command injection vulnerability exists in ManageEngine Network Configuration Manager. This vulnerability is due to insufficient validation in the ipaddress field of the ping functionality in add device web interface...
SmartRG Router SR510n 2.6.13 - Remote Code Execution
Exploit Title: SmartRG Router SR510n 2.6.13 - RCE Remote Code Execution Date: 13/06/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://adtran.com Version: 2.5.15 / 2.6.13 confirmed Tested on: SR506n 2.5.15 & SR510n 2.6.13 CVE : CVE-2022-37661 import requests from subprocess import...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
CVE-2022-44019
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter...
total.js 操作系统命令注入漏洞
total.js is open source a framework developed using JavaScript for the Node.js platform. It can be used to develop web, desktop, service and IoT platforms. An operating system command injection vulnerability exists in versions of total.js prior to 0e5ace7, which stems from /api/common/ping can be...
PT-2022-27081 · Total.Js · Total.Js
Name of the Vulnerable Software and Affected Versions: Total.js versions prior to 0e5ace7 Description: The issue allows remote command execution via shell metacharacters in the host parameter of the "/api/common/ping" API endpoint. Recommendations: For versions prior to 0e5ace7, update to a versi...
CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...
CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...
Command injection
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...
Design/Logic Flaw
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML...
GL.iNet GoodCloud 操作系统命令注入漏洞
GL.iNet GoodCloud is an IoT device management system from China's Guanglian Zhitong GL.iNet. An operating system command injection vulnerability exists in GL.iNet GoodCloud version 1.00.220412.00, which stems from the presence of multiple command injection vulnerabilities that allow an attacker t...
PT-2022-26225 · Gl.Inet · Gl.Inet Goodcloud Iot Device Management System
Name of the Vulnerable Software and Affected Versions: GL.iNet GoodCloud IoT Device Management System version 1.00.220412.00 Description: The issue concerns command injection vulnerabilities in the ping and traceroute tools of the system, allowing attackers to read arbitrary files on the system...
CVE-2022-42055
GL.iNet GoodCloud IoT Device Management System v1.00.220412.00 is affected by multiple command-injection vulnerabilities in its ping and traceroute tools that allow an attacker to read arbitrary files. Exploitation requires network access with low privileges, and the issues are classified with a ...