2577 matches found
Smurf DDoS attack:❗️ How it works and how to mitigate
Attacks geared at denying users access to servers are executed in different ways. One notable approach — similar in many forms of service denials — is the use of volume. The sheer volume of requests is employed by attackers to render a particular network useless. A good representation of that is...
CVE-2021-39270
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur...
Design/Logic Flaw
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur...
CVE-2021-39270
Ping Identity RSA SecurID Integration Kit vulnerable before version 3.2, where user impersonation is possible. The issue affects the RSA SecurID Integration Kit (Ping Identity) prior to 3.2 and is described as a design/logic flaw enabling impersonation of users. Impact is limited to the affected ...
Ping Identity RSA SecurID Integration Kit Access Control Error Vulnerability
The Ping Identity RSA SecurID Integration Kit is Ping Identity's PingFederate Integration Kit for RSA SecurID® that adds Identity Provider IdP integration options to PingFederate by providing an RSA SecurID adapter that acts as an RSA® Authentication Agent. Program IdP integration option to...
CVE-2020-25565
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...
CVE-2020-25560
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. W...
Tecknodreams SapphireIMS Trust Management Issue Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise-class service management system from Tecknodreams India. A trust management issue vulnerability exists in SapphireIMS 5.0, which stems from the fact that in SapphireIMS 5.0, it is possible to use hard-coded credentials in the client...
CVE-2021-28841
Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to applycgi via an action pingtest without a pingipaddr key...
perl bug fix and enhancement update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Bug Fixes and Enhancements: perl-net-ping wrong return value on failing DNS name lookup BZ1973176...
CVE-2021-37388
A buffer overflow in D-Link DIR-615 C2 3.03WW. The pingipaddr parameter in pingresponse.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution...
CVE-2021-21805
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...
D-LINK DIR-3040 Libcli Command Injection Vulnerability (CVE-2021-21819)
The DIR-3040 is an AC3000-based wireless internet router. As discussed in TALOS-2021-1285, a hidden telnet service can be started without authentication by visiting https:///starttelnet This service presents the user with a login prompt for their “libcli test environment”: $ telnet 192.168.0.1...
Moderate: Red Hat Security Advisory: perl security and bug fix update
An update for perl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
CVE-2021-36217
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Ricon Industrial Cellular Router S9922XL Remote Command Execution
!/usr/bin/env python3 -- coding: utf-8 -- Ricon Industrial Cellular Router S9922XL Remote Command Execution Vendor: Ricon Mobile Inc. Product web page: https://www.riconmobile.com Affected version: Model: S9922XL and S9922L Firmware: 16.10.3 Summary: S9922L series LTE router is designed and...
Ricon Industrial Cellular Router S9922XL - Remote Command Execution Exploit
Exploit Title: Ricon Industrial Cellular Router S9922XL - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor Homepage: https://www.riconmobile.com !/usr/bin/env python3 -- coding: utf-8 -- Ricon Industrial Cellular Router S9922XL Remote Command Execution Vendor: Ricon Mobile Inc...
Ricon Industrial Cellular Router S9922XL Remote Command Execution
Summary S9922L series LTE router is designed and manufactured by Ricon Mobile Inc., it based on 3G/LTE cellular network technology with industrial class quality. With its embedded cellular module, it widely used in multiple case like ATM connection, remote office security connection, data...