2570 matches found
EUVD-2018-21890
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
CVE-2018-25369 Visual Ping 0.8.0.0 Buffer Overflow Denial of Service
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
CVE-2018-25369 Visual Ping 0.8.0.0 Buffer Overflow Denial of Service
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
CVE-2018-25369
CVE-2018-25369 affects Visual Ping 0.8.0.0, where a buffer overflow in input field handling allows a local attacker to crash the application. Specifically, injecting oversized data (>4108 bytes) into the Host, Time Out, Packet Size, Pause, or Loops fields triggers a denial of service. The vuln...
CVE-2018-25360
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructio...
PT-2026-43213
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructio...
PT-2026-43221
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...
PT-2026-43157
Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description An OS command injection issue exists in the Setting Handler component. The setNetworkDiag function within the '/cgi-bin/cstecgi.cgi' endpoint fails to properly sanitize several arguments, allowin...
Visual Ping 安全漏洞
Visual Ping is a website change monitoring tool from Visual Ping. A security vulnerability exists in Visual Ping version 0.8.0.0, which stems from a buffer overflow in input field handling that could cause a local attacker to crash the application by supplying oversized data...
MAL-2026-4382 Malicious code in @djessicatony/folk-mcp-canary (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a504172fe0e456bd96cf7b4f9a6b6dda65dee7bd573833bbf5963b0be7a05ae8 index.js contains a beacon-style exfiltration primitive: a fetch POST at line 60-61 sends process.env data read at lines 30 and 34 to a hardcoded...
Malicious code in open-agents-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7 package.json declares both preinstall and postinstall lifecycle hooks that invoke curl, and ships dist/postinstall-daemon.cjs — a Node script that...
iputils: iputils integer overflow
An integer overflow flaw has been discovered in the ping function within the iputils package. This overflow may allow an attacker to craft an ECHO reply which can prevent iputils from operating normally...
VulnCheck KEV: CVE-2025-1448
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
[SECURITY] [DSA 6279-1] redis security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected] https://www.debian.org/security/ Aron Xu May 17, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
Authentication Bypass
github.com/oauth2-proxy/oauth2-proxy is vulnerable to an authentication bypass. The vulnerability is due to improper handling of health check User-Agent values in authrequest-style integrations when --ping-user-agent or --gcp-healthchecks is enabled, which allows an unauthenticated remote attacke...
EUVD-2026-29939
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
CVE-2026-35506
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
ELECOM WRC 操作系统命令注入漏洞
ELECOM WRC is a home-use network camera produced by the Japanese company ELECOM. The ELECOM WRC has a vulnerability related to OS command injection. This vulnerability stems from an OS command injection flaw during the processing of the pingipaddr parameter, which may allow arbitrary OS commands ...
PT-2026-40596
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping ip addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
CVE-2026-1681
Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...