Authorization

diagtool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack...

CVE-2019-9974

diagtool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack...

CVE-2019-9974

CVE-2019-9974 affects DASAN H660RM GPON routers running firmware 1.03-0022. diag_tool.cgi lacks any authorization, enabling remote attackers to spawn ping processes via a GET request to enumerate LAN hosts or cause DoS by memory exhaustion. The lack of auth in diag_get_result.cgi also allows retr...

The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack

DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently...

CVE-2018-5757

An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to...

Cisco RV320 Command Injection Vulnerability

Command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor. Cisco RV320 Command Injection Vulnerability Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 through...

Zero-Days in Counter-Strike Client Used to Build Major Botnet

A proprietor of a Counter-Strike gaming server promotion service has used multiple zero-days in the Counter-Strike client to create a large botnet. The network is made up of fake game servers for the popular online multiplayer game. The attacker has had quite a bit of success. In a recent analysi...

The vulnerability of the “rdpsnd_process_ping” function implementation in the RDP client rdesktop, related to reading beyond the memory boundary, allows a attacker to cause a service failure.

The vulnerability of the “rdpsndprocessping” function in the RDP client rdesktop implementation is related to reading data beyond the memory boundary. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

Rootstock Labs: Traffic amplification attack via discovery protocol

A vulnerability was discovered in the RSKJ node's UDP discovery protocol that allowed for traffic amplification DDoS attacks. The ping-pong mechanism intended to protect against this was not properly implemented, allowing an attacker to successfully finish it even with a spoofed IP. By sending a...

GHSA-2MHH-W6Q8-5HXW Remote Memory Disclosure in ws

Versions of ws prior to 1.0.1 are affected by a remote memory disclosure vulnerability. In certain rare circumstances, applications which allow users to control the arguments of a client.ping call will cause ws to send the contents of an allocated but non-zero-filled buffer to the server. This ma...

AirDroid 4.2.1.6 Denial Of Service

!/bin/bash Author: Marcelo VA!zquez aka s4vitar AirDroid Denial of Service DoS & System Crash Exploit Title: AirDroid Remote Denial of Service DoS & System Crash Date: 2019-02-07 Exploit Author: Marcelo VA!zquez Vendor Homepage: https://web.airdroid.com/ Software Link:...

rdesktop rdpsnd_process_ping() function out-of-bounds read vulnerability

rdesktop is an open source UNIX client for connecting to Windows Remote Desktop Services. An out-of-bounds read vulnerability exists in the rdpsndprocessping function in rdesktop 1.8.3 and earlier. An attacker could exploit this vulnerability to obtain information...

Goscan - Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...

UBUNTU-CVE-2018-8798

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsndprocessping that results in an information leak...

CVE-2018-8798

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsndprocessping that results in an information leak...

DEBIAN-CVE-2018-8798

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsndprocessping that results in an information leak...

Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and later Fixed Versions: since 1.4.2.20...

Linux: Broadcast ICMP echo requests

Broadcast ICMP echo requests are used by the ping command to find all hosts on the network or subnet. An attacker can use Broadcast ICMP echo requests for a DoS/DDoS attack on the network. This script tests whether the Linux host is configured to ignore Broadcast ICMP echo requests...

imagemagick/ping_mvg_fuzzer: Crash in GlobExpression

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5703754605658112 Project: imagemagick Fuzzer: libFuzzerimagemagickpingmvgfuzzer Fuzz target binary: pingmvgfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type: UNKNOWN RE...

Denial Of Service (DoS)

httpd is vulnerable to denial of service. The modlua httpd module improperly processed certain WebSocket Ping requests, allowing a remote attacker to cause the httpd child process to crash via a malicious WebSocket Ping request...