HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Impact Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities: Ping flood: https://vulners.com/cve/CVE-2019-9512 Reset flood: https://vulners.com/cve/CVE-2019-9514 Settings flood: https://vulners.com/cve/CVE-2019-9515 A Twisted...
GONET-Scanner - Golang Network Scanner With Arp Discovery And Own Parser
ScreenShots Install chmod +x install.sh ./install.sh as root Usage ARP Discovery -ar CIDR -s: Scan ports in all hosts discovered -ap: Scan to 65535 Ports -pr MINPORT MAXPORT: Define Port Range to Scan -1000: Scan Top 1000 ports like nmap -t: Set Timeout in milliseconds EXAMPLES go run...
OS Command Injection
genieacs is vulnerable to OS command injection. An attacker is able to inject malicious OS commands via the ping host argument of lib/ui/api.ts and lib/ping.ts because it does not escape the argument and does not properly perform an authorization check...
OS Command Injection in GenieACS
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check...
GHSA-2877-693Q-PJ33 OS Command Injection in GenieACS
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check...
Command injection
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2022-25060
TP-LINK TL-WR840NESV6.20180709 was discovered to contain a command injection vulnerability via the component oalstartPing...
Security Bulletin: Netty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9514, CVE-2019-9512, CVE-2019-9518, CVE-2019-9515)
Summary: Netty denial of service vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Vulnerability Details: CVEID: CVE-2019-9514 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker...
CVE-2021-21966
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability...
Texas Instruments Cc3200 SimpleLink Solution Nwp Environmental Issue Vulnerability
Texas Instruments Cc3200 SimpleLink Solution Nwp is a Texas Instruments microcontroller with built-in 2.4Ghz Wifi functionality from Texas Instruments, Inc. An environmental issue vulnerability exists in the Texas Instruments Cc3200 SimpleLink Solution Nwp version 2.9.0.0, which stems from an...
Wire webapp has an unspecified vulnerability
Wire is chat software from a personal developer. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, can make voice calls, send photos, and its original way of saying hello, PING. Wire webapp has a security vulnerability, and no details of the vulnerability...
CVE-2021-46452
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomographypingaddress, tomographypingnumber, tomographypingsize,...
CVE-2020-36056
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.0955 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option...
Cross site scripting
Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.0955 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option...
CVE-2020-36056
CVE-2020-36056 affects the Beetel 777VR1-DI router (Hardware REV.1.01, Firmware V01.00.09_55). The vulnerability is a cross-site scripting (XSS) flaw in the Ping diagnostic option that can be triggered via user input to execute client-side code. Public details confirm the affected product and the...
Beetel 777VR1 Cross-Site Scripting Vulnerability
The Beetel 777VR1 is a router from Beetel. A cross-site scripting vulnerability exists in the Beetel 777VR1-DI that stems from the product's Ping diagnostic option failing to properly handle user input data. The vulnerability can be exploited to execute client-side code. The following products an...