
2577 matches found

CNNVD
added 2021/07/02 12:0 a.m., 2 views

ACRN Code Issue Vulnerability

ACRN is an open source project released by the Linux Foundation, a hypervisor designed for IoT and embedded devices. A null pointer dereference vulnerability exists in virtio_net_ping_rxq in devicemodel/hw/pci/virtio/virtio_net.c in versions prior to ACRN 2.5. No details of the vulnerability are...

7.5 CVSS, 5.6 AI score, 0.00435 EPSS
Exploits: 0, References: 1
Citrix
added 2021/06/14 12:0 a.m., 6 views

SD-WAN Diagnostics Tool traffic (ping, traceroute and iperf) is being dropped by firewall policy

SD-WAN Diagnostics Tool traffic (ping, traceroute and iperf) is being dropped by a firewall policy manually configured to drop traffic that has not been explicitly allowed...

7 AI score
Exploits: 0
Hacker One
added 2021/06/13 7:54 a.m., 7 views

Ping Identity: Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone

Summary: Ping Identity has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user, who could then exploit this issue with clever social engineering to deceive new researchers to submit their legitimate findings to the wrong hands. Similar to this...

0.6 AI score
Exploits: 0
OpenVAS
added 2021/06/09 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2013:0713-1)

The remote host is missing an update for the...

4.4 CVSS, 7 AI score, 0.00116 EPSS
Exploits: 0, References: 2
Hacker One
added 2021/06/03 8:14 p.m., 150 views

h1-ctf: CCC H1 June 2021 CTF Writeup

CTF Summary This was my first H1 CTF and I was excited to work with several others to collaborate on the CTF and find the flag. I'll write up the solution process and vulnerabilities involved in the solution: Knowledge basic of S3 operations XML External Entities and Local File Exfiltration SQL...

8.9 AI score
Exploits: 0
GithubExploit
added 2021/05/07 4:50 p.m., 63 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...

6.1 CVSS, 7.6 AI score, 0.93765 EPSS
Exploits: 16
NVD
added 2021/05/06 4:15 p.m., 13 views

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

9 CVSS, 0.92677 EPSS
Exploits: 1, References: 2
OSV
added 2021/05/06 4:15 p.m., 2 views

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 2
Prion
added 2021/05/06 4:15 p.m., 13 views

Command injection

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

9 CVSS, 9.2 AI score, 0.92677 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2021/05/06 3:11 p.m., 60 views

CVE-2021-28151

Hongdian H8922 3.0.5 devices are vulnerable to remote command injection in tools.cgi ping via shell metacharacters in the ip-address (Destination) field, accessible with guest/guest credentials. The Nuclei template and other sources confirm that an attacker can execute arbitrary commands on the d...

9 CVSS, 9 AI score, 0.92677 EPSS
In wild, Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/05/06 3:11 p.m., 17 views

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

9.4 AI score, 0.92677 EPSS
Exploits: 1, References: 2
GithubExploit
added 2021/04/30 6:55 a.m., 629 views

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...

6.1 CVSS, 7.5 AI score, 0.93765 EPSS
Exploits: 16
IBM Security Bulletins
added 2021/04/28 6:35 p.m., 29 views

Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology

Summary There are vulnerabilities in IBM WebSphere Application Server bundled with IBM Jazz Team Server based Applications that affect the following products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team...

7.8 CVSS, 0.6 AI score, 0.50822 EPSS
Exploits: 1, Affected Software: 8
OpenVAS
added 2021/04/19 12:0 a.m., 31 views

SUSE: Security Advisory (SUSE-SU-2020:1748-1)

The remote host is missing an update for the...

6.5 CVSS, 7.1 AI score, 0.00428 EPSS
Exploits: 0, References: 13
OSV
added 2021/04/09 1:15 p.m., 1 views

CVE-2020-21883

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 3
Prion
added 2021/04/09 1:15 p.m., 16 views

Command injection

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover...

9 CVSS, 8.8 AI score, 0.112 EPSS
Exploits: 1, References: 3, Affected Software: 5
Cvelist
added 2021/04/09 12:19 p.m., 8 views

CVE-2020-21883

Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover...

8.8 AI score, 0.112 EPSS
Exploits: 1, References: 3
CNNVD
added 2021/04/02 12:0 a.m., 3 views

Wire Information Disclosure Vulnerability

Wire is a chat software by an individual developer. The software supports Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. Wire suffers from a security vulnerability that stems from the fact that when a us...

7.1 CVSS, 6.5 AI score, 0.0042 EPSS
Exploits: 0, References: 5
CNVD
added 2021/03/23 12:0 a.m., 2 views

Tangshan Ping Sheng Electronic Technology Development Co., Ltd. website backstage management system has a logic flaw vulnerability

Tangshan Ping Sheng Electronic Technology Development Co., Ltd. business scope includes: electronic products, instruments, electrical equipment, computers, software, automatic control system design, manufacturing, electromechanical equipment, wholesale, retail; technical services and so on...

6.8 AI score
Exploits: 0
Kitploit
added 2021/03/22 11:30 a.m., 47 views

Netmap.Js - Fast Browser-Based Network Discovery Module

Fast browser-based network discovery module Description netmap.js provides browser-based host discovery and port scanning capabilities to allow you to map website visitors' networks. It's quite fast, making use of es6-promise-pool to efficiently run the maximum number of concurrent connections...

7.2 AI score
Exploits: 0, References: 10