2631 matches found

Prion
added 2017/12/20 10:29 p.m., 11 views

Path traversal

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users...

CVSS 4, AI score 8.5, EPSS 0.24144
Exploits 2, References 1, Affected Software 5

CNVD
added 2017/12/19 12:0 a.m., 3 views

Harbor 'Ping()' Function Server-Side Cross-Site Forgery Vulnerability

Harbor is an open source, enterprise-grade registry server that also provides advanced security features such as user management, access control and activity auditing. A server-side cross-site forgery vulnerability exists in the 'Ping' function of the ui/api/targets.go file in Harbor 1.3.0-rc4 an...

CVSS 8.6, AI score 6.7, EPSS 0.00276
Exploits 1, References 1

Snyk
added 2017/12/15 9:29 a.m., 2 views

Server-side Request Forgery (SSRF)

Overview github.com/goharbor/harbor/src/core/api is a cloud native registry project that stores, signs, and scans content. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the...

CVSS 8.6, AI score 6.9, EPSS 0.00276
Exploits 1, References 2

NVD
added 2017/12/15 9:29 a.m., 26 views

CVE-2017-17697

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

CVSS 8.6, AI score 8.5, EPSS 0.00276
Exploits 1, References 1

Prion
added 2017/12/15 9:29 a.m., 21 views

Server side request forgery (ssrf)

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

CVSS 5, AI score 8.5, EPSS 0.00276
Exploits 1, References 1, Affected Software 1

OSV
added 2017/12/15 9:29 a.m., 18 views

CVE-2017-17697

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

CVSS 8.6, AI score 6.8
Exploits 0, References 1

Cvelist
added 2017/12/15 9:0 a.m., 21 views

CVE-2017-17697

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

AI score 8.6, EPSS 0.00276
Exploits 1, References 1

CVE
added 2017/12/15 9:0 a.m., 54 views

CVE-2017-17697

Harbor (ui/api/target.go) has an SSRF vulnerability in Ping() via the endpoint parameter to /api/targets/ping, affecting Harbor up to 1.3.0-rc4. Several connected sources confirm the issue and describe exploitation path leading to information disclosure; a remediation cited in Snyk is to upgrade ...

CVSS 8.6, AI score 8.5, EPSS 0.00276
Exploits 1, References 1, Affected Software 1

BDU FSTEC
added 2017/12/14 12:0 a.m., 1 views

The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router allows a hacker to execute arbitrary commands.

The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the “DIAIPADDRESS” parameter, by...

CVSS 10, AI score 5.9, EPSS 0.49289
Exploits 4, References 10, Affected Software 1

CNVD
added 2017/12/14 12:0 a.m., 0 views

SeaCMS admin/admin_ping.php file code execution vulnerability

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 6.56. The vulnerability can be exploited by a remote attacker to execute arbitrary PHP code ...

CVSS 7.2, AI score 7.7, EPSS 0.00643
Exploits 4, References 1

Tenable Nessus
added 2017/12/11 12:0 a.m., 46 views

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)

The remote OracleVM system is missing necessary patches to address critical security updates : - tty: Fix race in pty_write leading to NULL deref Todd Vierling - ocfs2/dlm: ignore cleaning the migration mle that is inuse xuejiufei Orabug: 26479780 - KEYS: fix dereferencing NULL payload with nonzer...

CVSS 8.8, AI score 7.3, EPSS 0.25699
Exploits 51, References 25

Tenable Nessus
added 2017/12/11 12:0 a.m., 97 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3658)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3658 advisory. - ping: implement proper locking Eric Dumazet Orabug: 26540288 CVE-2017-2671 - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 266759...

CVSS 8.8, AI score 7.5, EPSS 0.87
Exploits 69, References 4

Tenable Nessus
added 2017/12/11 12:0 a.m., 68 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3657 advisory. - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 26675925 CVE-2017-7889 - more bio_map_user_iov leak fixes Al Viro Orabug: 27069042...

CVSS 8.8, AI score 7.5, EPSS 0.25699
Exploits 51, References 3

Oracle linux
added 2017/12/07 12:0 a.m., 82 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.20.1 - tty: Fix race in pty_write leading to NULL deref Todd Vierling Orabug: 25392692 - ocfs2/dlm: ignore cleaning the migration mle that is inuse xuejiufei Orabug: 26479780 - KEYS: fix dereferencing NULL payload with nonzero length Eric Biggers Orabug: 26592025 - oracleasm:...

CVSS 8.8, AI score 8.6, EPSS 0.25699
Exploits 51

seebug.org
added 2017/12/06 12:0 a.m., 62 views

Polycom HDX Series RCE

When doing external assessments you spend a decent amount of time footprinting your target and finding possible avenues of attack. Given a large corporate, you are pretty likely to hit video conferencing end-points. This post details a vulnerability in one of these video conferencing systems, the...

AI score 7.9
Exploits 0

OpenVAS
added 2017/11/23 12:0 a.m., 26 views

Fedora Update for perl-Net-Ping-External FEDORA-2017-5adf087854

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 9.6, EPSS 0.07789
Exploits 0, References 2

OpenVAS
added 2017/11/23 12:0 a.m., 17 views

Fedora Update for perl-Net-Ping-External FEDORA-2017-c7514691cb

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 9.6, EPSS 0.07789
Exploits 0, References 2

OpenVAS
added 2017/11/23 12:0 a.m., 15 views

Fedora Update for perl-Net-Ping-External FEDORA-2017-69e06543c1

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 9.6, EPSS 0.07789
Exploits 0, References 2

Fedora
added 2017/11/22 5:9 a.m., 13 views

[SECURITY] Fedora 25 Update: perl-Net-Ping-External-0.15-11.fc25

Net::Ping::External is a module which interfaces with the "ping" command on many systems. It presently provides a single function, ping, that takes in a hostname and optionally a timeout and returns true if the host is alive, and false otherwise. Unless you have the ability and willingness to run...

CVSS 10, AI score 0.7, EPSS 0.07789
Exploits 0

Fedora
added 2017/11/22 2:34 a.m., 15 views

[SECURITY] Fedora 26 Update: perl-Net-Ping-External-0.15-11.fc26

Net::Ping::External is a module which interfaces with the "ping" command on many systems. It presently provides a single function, ping, that takes in a hostname and optionally a timeout and returns true if the host is alive, and false otherwise. Unless you have the ability and willingness to run...

CVSS 10, AI score 0.7, EPSS 0.07789
Exploits 0