CVE-2025-64327 ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery SSRF vulnerability, in its /api/ping?url= endpoint. This allows an attacker to make arbitrary requests to internal or external hosts. This...

CVE-2025-61304

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address...

ThinkDashboard 安全漏洞

ThinkDashboard is a lightweight, self-hosted bookmarking dashboard by the individual developer MatiasDesu. A security vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a server-side request forgery vulnerability in the /api/ping?url= endpoint that could lead an...

PT-2025-45380

Name of the Vulnerable Software and Affected Versions ThinkDashboard versions 0.6.7 and below Description ThinkDashboard, a self-hosted bookmark dashboard built with Go and vanilla JavaScript, contains a Blind Server-Side Request Forgery SSRF issue. The vulnerability exists in the /api/ping?url=...

CVE-2025-61304

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address...

CVE-2025-61304

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address...

PT-2025-45113

Name of the Vulnerable Software and Affected Versions Dynatrace ActiveGate versions up to 1.016 Description An OS command injection issue exists in the Dynatrace ActiveGate ping extension. This flaw allows for potential code execution through the use of specially crafted IP addresses. The ping...

CVE-2025-61304

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address...

EUVD-2025-37901

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address...

CVE-2025-61304

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address...

CVE-2025-61304

CVE-2025-61304 is an OS command injection vulnerability in the Dynatrace ActiveGate ping extension, affected up to version 1.016. The root cause is improper handling of crafted IP addresses in the ping extension, which relies on the Windows command prompt and allows command chaining (e.g., via an...

📄 Dynatrace ActiveGate Command Injection

Dynatrace ActiveGate versions up to 1.016 suffer from an OS command injection vulnerability. CVE-2025-61304 "OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address" In the background the ping extension is using the command prompt of Windows to...

Exploit for CVE-2025-61304

CVE-2025-61304 "OS command injection vulnerability in Dynatrac...

CVE-2016-15048

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

EUVD-2016-10793

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2016-15048

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2016-15048

AMTT Hotel Broadband Operation System (HiBOS) is affected by an unauthenticated command injection in /manager/radius/server_ping.php. The code builds a shell command including the user-supplied ip parameter and executes it without proper validation or escaping, allowing an attacker to inject shel...

CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2025-6894

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative ping function, which is restricted ...