CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
StoneFly Storage Concentrator Security Vulnerability
StoneFly Storage Concentrator is a storage concentrator virtual machine from StoneFly. A security vulnerability exists in StoneFly Storage Concentrator versions prior to 8.0.4.26, which originates from allowing remote authenticated users to achieve command injection via a Ping URL, which can lead...
PT-2024-23258 · Stonefly · Stonefly Storage Concentrator
Name of the Vulnerable Software and Affected Versions: StoneFly Storage Concentrator SC and SCVM versions prior to 8.0.4.26 Description: The issue allows remote authenticated users to achieve command injection via a Ping URL, leading to remote code execution. Recommendations: For versions prior t...
SeaCMS Code Execution Vulnerability (CNVD-2024-33411)
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS 12.9 and earlier versions, which stems from the fact that adminping.php directly splices...
CVE-2024-30213
CVE-2024-30213 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The issue allows remote authenticated users to perform command injection via a Ping URL, leading to remote code execution. Affected versions: SC/SCVM before 8.0.4.26. Mitigation: update to 8.0.4.26 or la...
Ping Identity PingFederate Security Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. A security vulnerability exists in PingFederate versions prior to 12.0.1, which stems from an unauthorized user being able to access the deployment...
Ping Identity PingFederate PingOne MFA Integration Kit Security Vulnerability
Ping Identity PingFederate PingOne MFA Integration Kit is from Ping Identity. This integration kit allows PingFederate to use the PingOne MFA service for multi-factor authentication (MFA). A security vulnerability exists in Ping Identity PingFederate PingOne MFA Integration Kit versions prior to...
CVE-2024-39028
An issue was discovered in SeaCMS =12.9 which allows remote attackers to execute arbitrary code via adminping.php...
PT-2024-28337 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS versions =12.9 Description: An issue in SeaCMS allows remote attackers to execute arbitrary code via the "admin ping.php" endpoint. This enables attackers to run malicious code on the affected system. Recommendations: For SeaCMS versio...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
CVE-2024-37642
TRENDnet TEW-814DAP v1FW1.01B01 was discovered to contain a command injection vulnerability via the ipv4ping, ipv6ping parameter at /formSystemCheck...
PT-2024-27695 · Trendnet · Trendnet Tew-814Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-814DAP version 1 FW1.01B01 Description: A command injection issue was discovered, affecting the ipv4 ping and ipv6 ping parameters at the /formSystemCheck API endpoint. This allows for potential command injection attacks...
TRENDnet TEW-814DAP Security Vulnerability
The TRENDnet TEW-814DAP is a wireless access point from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-814DAP version v1FW1.01B01, which originates from a command injection vulnerability contained in the ipv4ping, ipv6ping parameters at /formSystemCheck...
CVE-2021-47309
A vulnerability was found in the Linux kernel's networking component, where the skb_tunnel_info function can return unvalidated data. This issue arises because the function does not check the type of lwtstate->data before using it, which could lead to accessing incompatible data types and cause memo...
CVE-2024-34792
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection. This issue affects Dextaz Ping: from n/a through 0.65...
CVE-2024-34792 WordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerability
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection. This issue affects Dextaz Ping: from n/a through 0.65...