Exploit for OS Command Injection in Amttgroup Hibos

CVE-2016-15048 Test Environment This directory contains a vul...

CVE-2016-15048

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

EUVD-2016-10793

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2016-15048

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2016-15048

AMTT Hotel Broadband Operation System (HiBOS) is affected by an unauthenticated command injection in /manager/radius/server_ping.php. The code builds a shell command including the user-supplied ip parameter and executes it without proper validation or escaping, allowing an attacker to inject shel...

CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php

AMTT Hotel Broadband Operation System HiBOS contains an unauthenticated command injection vulnerability in the /manager/radius/serverping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An...

CVE-2025-42907

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system...

CVE-2025-42907

CVE-2025-42907 concerns SAP BI Platform. Multiple connected sources confirm a vulnerability where an attacker can modify the IP address in the LogonToken attached to OpenDoc, and when the modified link is opened in a browser, a different server could receive a ping request. The impact is describe...

Design/Logic Flaw

An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML...

PT-2022-24549 · Rockwell Automation · Rockwell Automation Factorytalk Alarm/Events Service

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk Alarm and Events service affected versions not specified Description: The issue allows an unauthenticated attacker with network access to cause the Rockwell Automation FactoryTalk Alarm and Events service to...