Arista Networks CloudVision Portal Multiple Vulnerabilities (SA0043)

The version of Arista Networks CloudVision Portal running on the remote device is affected by the following vulnerabilities: - HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service DoS. An unauthenticated, remote attacker can exploit this, by sending...

Shopify: Low privileged user can create high privileged user's KITCRM authorization token and can read and write message to KIT

Using the Shopify ping application a user can communicate with the kit. The kit is an application that creates tasks based on the information supplied through the Shopify ping app by a user. With a few quick messages to Kit using Shopify Ping, a user can create a discount code and promote it, sta...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVE-2020-13976

An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it...

Command injection

An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it...

CVE-2020-13976

An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it...

PT-2020-13812 · New Media Nv · Dd-Wrt

Name of the Vulnerable Software and Affected Versions: DD-WRT versions through 16214 Description: An issue in the Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. The...

Forerunner - Fast And Extensible Network Scanning Library Featuring Multithreading, Ping Probing, And Scan Fetchers

The Forerunner library is a fast, lightweight, and extensible networking library created to aid in the development of robust network centric applications such as: IP Scanners, Port Knockers, Clients, Servers, etc. In it's current state, the Forerunner library is able to both synchronously and...

CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6sendechoreply routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory,...

imagemagick:ping_mng_fuzzer: Use-of-uninitialized-value in ScaleQuantumToChar

Detailed Report: https://oss-fuzz.com/testcase?key=5958982819905536 Project: imagemagick Fuzzing Engine: libFuzzer Fuzz Target: pingmngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: ScaleQuantumToChar...

HTTP/2: flood using PING frames results in unbounded memory growth

A flaw was found in HTTP/2. Using PING frames and queuing of response PING ACK frames, a flood attack could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...

Heap overflow

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers, potentially enabling Remote Code Execution on the authenticating endpoint. Affected software: PingID SSH components prior to version 4.0.14. Root cause: heap overflow in the PingID-enrolled server c...

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...

VulnCheck KEV: CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

Saltstack 3000.1 Remote Code Execution Exploit

Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Discription:...

Beeline Smart Box Operating System Command Injection Vulnerability

The Beeline Smart Box is a wireless router from the Russian company Beeline. A security vulnerability exists in Beeline Smart Box version 2.0.38. An attacker can exploit this vulnerability via the 'Ping pingipaddr', 'Nslookup nslookupipaddr' or 'Traceroute tracerouteipaddr' parameters to execute...

CVE-2020-12246

Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...