2631 matches found

Prion
added 2019/07/11 6:15 p.m. · 19 views

Cross site scripting

XSS exists in Ping Identity Agentless Integration Kit before 1.5...

CVSS 4.3 · AI score 6 · EPSS 0.00411
Exploits 2 · References 4 · Affected Software 1
CVE
added 2019/07/11 5:14 p.m. · 48 views

CVE-2019-13564

CVE-2019-13564 is a Cross-Site Scripting (XSS) vulnerability in the Ping Identity Agentless Integration Kit prior to version 1.5. Several sources describe it as a Reflected XSS affecting the /as/authorization.oauth2 endpoint, caused by improper encoding of an arbitrarily submitted HTTP GET parame...

CVSS 6.1 · AI score 5.9 · EPSS 0.00411
Exploits 2 · References 4 · Affected Software 1
Cvelist
added 2019/07/11 5:14 p.m. · 11 views

CVE-2019-13564

XSS exists in Ping Identity Agentless Integration Kit before 1.5...

AI score 6 · EPSS 0.00411
Exploits 2 · References 4
Vulnerability Lab
added 2019/07/07 12:00 a.m. · 49 views

Mobatek MobaXterm v11.1 - Code Execution Vulnerability

Document Title: =============== Mobatek MobaXterm v11.1 - Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2186 Video: https://www.youtube.com/watch?v=Oz0rCBuRKrY References:...

CVSS 8.8 · AI score 8.9 · EPSS 0.00896
Exploits 3
0day.today
added 2019/06/27 12:00 a.m. · 741 views

Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)

/ ; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode 210 Bytes ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...

AI score 0.6
Exploits 0
Akamai Blog
added 2019/06/25 4:00 p.m. · 236 views

Intercept SaaS Services with the Akamai EAA Client

I was quite fortunate to visit Tokyo for the first time last year, and it was an unforgettable experience to explore all the sights and sounds around the Ginza district and to interact with the very friendly Japanese people. It wasn't all play, though -- and I had to get some real work done as...

AI score 7.7
Exploits 0
ossfuzz
added 2019/06/25 7:08 a.m. · 8 views

imagemagick/ping_dng_fuzzer: Crash in LibRaw::recycle

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5673227122114560 Project: imagemagick Fuzzer: libFuzzer_imagemagick_ping_dng_fuzzer Fuzz target binary: ping_dng_fuzzer Job Type: libfuzzer_asan_imagemagick Platform Id: linux Crash Type: UNKNOWN...

AI score 7
Exploits 0 · Affected Software 1
ossfuzz
added 2019/06/19 10:43 p.m. · 14 views

imagemagick/ping_icon_fuzzer: Use-of-uninitialized-value in png_crc_finish

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5751794220662784 Project: imagemagick Fuzzer: libFuzzer_imagemagick_ping_icon_fuzzer Fuzz target binary: ping_icon_fuzzer Job Type: libfuzzer_msan_imagemagick Platform Id: linux Crash Type:...

AI score 7
Exploits 0 · Affected Software 1
OSV
added 2019/06/18 3:15 p.m. · 3 views

CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

CVSS 8.8 · AI score 5.9
Exploits 0 · References 1
NVD
added 2019/06/18 3:15 p.m. · 11 views

CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

CVSS 9 · AI score 9.1 · EPSS 0.70822
Exploits 0 · References 1
Prion
added 2019/06/18 3:15 p.m. · 20 views

Command injection

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

CVSS 9 · AI score 9 · EPSS 0.70822
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2019/06/18 3:00 p.m. · 14 views

CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

AI score 9.1 · EPSS 0.70822
Exploits 0 · References 1
CVE
added 2019/06/18 3:00 p.m. · 65 views

CVE-2018-18852

Cerio DT-300N devices, version 1.1.6–1.1.12, are affected by an OS command injection due to improper input validation in the web-interface PING feature (Save.cgi). The issue allows execution of arbitrary commands on the device; exploitation was observed in the wild in October 2018. CVSS details p...

CVSS 9 · AI score 9 · EPSS 0.70822
In wild · Exploits 0 · References 1 · Affected Software 1
VulnCheck KEV
added 2019/06/18 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...

CVSS 9 · AI score 7.4 · EPSS 0.70822
Exploits 0 · References 1
VulnCheck KEV
added 2019/06/13 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2016-10760

On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the pingipaddr parameter...

CVSS 10 · AI score 7.3 · EPSS 0.17918
Exploits 1 · References 1
VulnCheck KEV
added 2019/06/13 12:00 a.m. · 1 view

VulnCheck KEV: CVE-2018-15887

MainAnalysisContent.asp in ASUS DSL-N12EC1 1.1.2.3345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request...

CVSS 8.8 · AI score 7.6 · EPSS 0.07148
Exploits 1 · References 1
OSV
added 2019/06/07 8:29 p.m. · 3 views

CVE-2018-10697

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST paramet...

CVSS 8.8 · AI score 6
Exploits 0 · References 3
Positive Technologies
added 2019/06/07 12:00 a.m. · 3 views

PT-2019-8764 · Moxa · Moxa Awk-3121

Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered in the Moxa AWK-3121 device, where the ping functionality, intended for administrators to check network connectivity via ICMP calls, can be exploited by an attacker to execute...

CVSS 9.3 · AI score 8.9 · EPSS 0.00836
Exploits 1 · References 5
OSV
added 2019/05/29 6:29 p.m. · 2 views

CVE-2018-16217

The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...

CVSS 8.8 · AI score 5.9 · EPSS 0.0644
Exploits 0 · References 2
Prion
added 2019/05/29 6:29 p.m. · 19 views

Command injection

The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...

CVSS 9 · AI score 8.7 · EPSS 0.0644
Exploits 0 · References 2 · Affected Software 1