CVE-2022-42055
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...
PT-2022-24549 · Rockwell Automation · Rockwell Automation Factorytalk Alarm/Events Service
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk Alarm and Events service (affected versions not specified)
Description: The issue allows an unauthenticated attacker with network access to cause the Rockwell Automation FactoryTalk Alarm and Events service to...
PT-2022-20978 · Gl.Inet · Gl-Inet Gl-Ax1800 Flint +1
Name of the Vulnerable Software and Affected Versions: gl-inet GL-MT300N-V2 Mango version 3.212; gl-inet GL-AX1800 Flint version 3.214
Description: The issue concerns command injection vulnerabilities. These vulnerabilities can be exploited via the ping addr and trace addr function parameters...
PT-2022-5278 · D Link · D-Link Covr
Name of the Vulnerable Software and Affected Versions: D-Link COVR versions 1200, 1202, 1203 v1.08
Description: The issue is related to a command injection vulnerability in the SetNetworkTomographySettings function. This vulnerability can be exploited via the tomography ping number parameter,...
D-Link COVR Command Injection Vulnerability
D-Link COVR is a series of routers from China-based AUO D-Link. A security vulnerability exists in the D-Link COVR 1200, 1203 v1.08 versions, which originates from a command injection vulnerability contained via the tomographypingnumber parameter in the function SetNetworkTomographySettings...
Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Liberty for Java for IBM Cloud
Summary There are multiple vulnerabilities in the HTTP/2 implementation that is used by WebSphere Application Server Liberty. This affects the servlet-4.0 and servlet-3.1 features. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Some HTTP/2...
CVE-2022-1591
The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Cross site request forgery (csrf)
The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1591 WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF
The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1591
CVE-2022-1591 affects the WordPress Ping Optimizer plugin for WordPress, versions prior to 2.35.1.3.0. The issue is a lack of CSRF protection when updating plugin settings, which could allow an attacker to induce a logged-in admin to change settings via a CSRF attack. The available connected sour...
WordPress plugin WordPress Ping Optimizer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2022-13988 · WordPress · Wordpress Ping Optimizer
Name of the Vulnerable Software and Affected Versions: WordPress Ping Optimizer versions prior to 2.35.1.3.0
Description: The issue is related to the lack of a CSRF check when updating settings in the WordPress Ping Optimizer plugin. This could allow attackers to make a logged-in admin change...
CVE-2022-37661
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature...
Security feature bypass
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature...
PT-2022-24037 · Smartrg · Smartrg Sr506N +1
Name of the Vulnerable Software and Affected Versions: SmartRG SR506n version 2.5.15; SmartRG SR510n version 2.6.13
Description: The issue allows for Remote Code Execution (RCE) via the ping host feature.
Recommendations: For SmartRG SR506n version 2.5.15, consider disabling the ping host feature...
CVE-2022-37779
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function...