KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

CVE-2021-28143

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...

Command injection

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...

CVE-2021-28143

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...

CVE-2021-28143

The CVE-2021-28143 vulnerability affects the D-Link DIR-841 router (versions 3.03 and 3.04). The issue resides in the /jsonrpc endpoint under System Tools and allows authenticated command injection via the ping, ping6, or traceroute functions. The Red Hat, CNVD, CNVD-style entries corroborate thi...

Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.

Summary Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings ...

CVE-2021-3149

On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manualping.cgi allows OS command injection after authentication by the attacker because the system C library function is used unsafely...

CVE-2021-3149

On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manualping.cgi allows OS command injection after authentication by the attacker because the system C library function is used unsafely...

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

Design/Logic Flaw

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution...

Netis WF2780 Operating System Command Injection Vulnerability

Netis WF2780 is a networking device from Netis China. Provides AC routers to deliver next-generation Wi-Fi at gigabit speeds. An operating system command injection vulnerability exists in the Netis WF2780 and WF2411. The vulnerability originates from allowing an attacker to inject shell...

Denial of Service in sebhildebrandt/systeminformation

Description systeminformation is vulnerable to Denial of Service. It is possible to overwrite the ping command parameters, which results in too long execution. Proof of Concept Create a .js file with the content below and run it. javascript const si = require'systeminformation'; si.inetLatency"-c...

Unibox 2.4 CSRF / Remote Code Execution

===================================================== Authenticated Remote Code Execution In Unibox 2.4 ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated command execution in all UNIBOX WiFi Hotspot Controller. CVE ID:- Not...

CentOS 8 : container-tools:1.0 (CESA-2019:4273)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:4273 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in unbounded memory...

EulerOS 2.0 SP3 : golang (EulerOS-SA-2021-1073)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an...

F5 BIG-IP APM Denial of Service Vulnerability (CNVD-2021-04825)

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM, which can be exploited by an attacker to trigger a denial of service by pinging access to F5...

MGASA-2020-0468 Updated golang-googlecode-net package fixes security vulnerabilities

This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...

Updated golang-googlecode-net package fixes security vulnerabilities

This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...

F5 BIG-IP APM 安全漏洞

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM, which can be exploited by an attacker to trigger a denial of service by pinging access to F5...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Netty. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual whitespaces before the colon in HTTP headers. By sending a...