CVE-2022-24910

A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning ZTP, which includes the ATP series, VPN series, and the USG FLEX series including USG20-VPN and USG20W-VPN. The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...

InHand Networks InRouter302 缓冲区错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A buffer overflow vulnerability exists in InHand Networks InRouter302 version V3.5.4, which stems from the httpd parsepingresult API function A boundary error occurs when handling untrusted input, which can be...

CVE-2022-27224

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected Ping, Traceroute, and...

CVE-2022-27224

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected Ping, Traceroute, and...

Command injection

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected Ping, Traceroute, and...

CVE-2022-27224

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected Ping, Traceroute, and...

CVE-2022-23332

Command injection vulnerability in Manual Ping Form Web UI in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field...

CVE-2022-23332

Command injection vulnerability in Manual Ping Form Web UI in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field...

Shenzhen Ejoin Information Technology Manual Ping Form 代码注入漏洞

Shenzhen Ejoin Information Technology Manual Ping Form is a manual ping form component from Shenzhen Ejoin Information Technology Shenzhen, China. A code injection vulnerability exists in Manual Ping Form Web UI, which originates from a command injection issue in the Web UI of Manual Ping Form. A...

PT-2022-15936 · Shenzhen Ejoin Information Technology Co. · Acom532 +2

Name of the Vulnerable Software and Affected Versions: Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 versions 609-915-041-100-020 Description: A command injection issue exists in the Manual Ping Form of the Web UI, allowing a remote attacker to inject arbitrary code via ...

CVE-2022-1389

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

Cross site request forgery (csrf)

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

CVE-2022-1389

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

F5 Networks BIG-IP : BIG-IP TMUI CSRF vulnerability (K49905324)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K49905324 advisory. - On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request...

CVE-2022-1389

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...

Ping Identity Windows PingId 信任管理问题漏洞

Ping Identity Windows PingId is a software from Ping Identity, Inc. that provides security for applications. A vulnerability with trust management issues exists in PingId Integration for Windows Login 2.4.1 and prior versions, which stems from the use of static encryption key material to allow...

Tenda HG6 3.3.0 Remote Command Injection

Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version: 3.3.0-210926 Software version: v1.1.0 Hardware Version: v1.0 Check Version:...

CVE-2022-23722

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...

PT-2022-11528 · Ping Identity · Pingid Desktop

Name of the Vulnerable Software and Affected Versions: PingID Desktop versions prior to 1.7.3 Description: The issue is related to a misconfiguration in the encryption libraries of PingID Desktop, which can lead to sensitive data exposure. An attacker capable of exploiting this issue may be able ...