37 matches found
Advantech R-SeeNet OS Command Injection Vulnerability
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms, and is available for Linux and Windows platforms. An OS command injection vulnerability exists in Advantech R-SeeNet ping.php, which stems fro...
Advantech R-SeeNet ping.php OS Command Injection vulnerability
Summary An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description Reflected XSS in ping.php as IP parameter is not sanitized. 🕵️‍♂️ Proof of Concept Vulnerable Code: Ping Payload: Ping alert1 ? 💥 Impact This vulnerability is capable of reflected XSS...
OS Command Injection in falconchristmas/fpp
✍️ Description FPP - Falcon Player is vulnerable to OS Command injection attacks on ping.php because it doesn't sanitize user supplied parameters as shown below. Vulnerable variable: count Method: GET The $count variable is constructed using the user supplied data, and then is used in a system...
CVE-2017-17561
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/adminping.php, which interacts with data/admin/ping.php...
Code injection
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/adminping.php, which interacts with data/admin/ping.php...
CVE-2013-0526
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter...
CVE-2012-5864
The CVE-2012-5864 issue affects Sinapsi eSolar family web-based management interfaces (Light, eSolar, and DUO) prior to firmware 2.0.2870_2.2.12. The root cause is improper authentication: management pages do not require login, enabling remote attackers to obtain administrative access via direct ...
PT-2012-6159 · Sinapsi +1 · Sinapsi Esolar Light Photovoltaic System Monitor +3
Name of the Vulnerable Software and Affected Versions: Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.28...
Ezylog Photovoltaic Management SQL Injection / Command Injection
Multiple vulnerabilities in Ezylog photovoltaic management server ================================================================= ADVISORY INFORMATION Title: Multiple vulnerabilities in Ezylog photovoltaic management server Discovery date: 27/08/2012 Release date: 11/09/2012 Credits: Roberto...
CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in the NetPing package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
Design/Logic Flaw
Argument injection vulnerability in the ping function in Ping.php in the NetPing package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
CVE-2009-4024
CVE-2009-4024 affects php-net-ping (PEAR Net_Ping). The vulnerability is in Ping.php, where insufficient input sanitising allows remote attackers to inject commands via the host parameter, enabling remote code execution. Affected versions are prior to 2.4.5; multiple advisories (Debian DSA-1949-1...
Authentication flaw
ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter...
CVE-2006-2615
ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter...
CVE-2006-2615
The CVE-2006-2615 entry concerns ping.php in Russcom.Ping, where the domain parameter is vulnerable to shell metacharacter input leading to remote command execution. The NVD entry indicates network-based, low-complexity exploitation with no authentication required and potential partial impacts to...