[SECURITY] Fedora 36 Update: golang-github-projectdiscovery-mapcidr-0.0.8-4.fc36

Small utility program to perform multiple operations for a given subnet/CIDR ranges...

[SECURITY] Fedora 36 Update: asnip-0-0.7.20200618git44ba98b.fc36

Asnip retrieves all IPs used by an organization for surface mapping. It uses the IP or domain name and looks up the Autonomous System Number ASN, retrieves the Classless Inter-Domain Routing CIDR subnet masks and converts them to IPs...

Fedora: Security Advisory for asnip (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-projectdiscovery-mapcidr-0.0.8-3.fc36

Small utility program to perform multiple operations for a given subnet/CIDR ranges...

[SECURITY] Fedora 36 Update: asnip-0-0.6.20200618git44ba98b.fc36

Asnip retrieves all IPs used by an organization for surface mapping. It uses the IP or domain name and looks up the Autonomous System Number ASN, retrieves the Classless Inter-Domain Routing CIDR subnet masks and converts them to IPs...

Puwr - SSH Pivoting Script For Expanding Attack Surfaces On Local Networks

Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP's, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, ...

WatsonWebserver 代码问题漏洞

WatsonWebserver is a simple, scalable, fast, asynchronous Web server from Joel Christner, an individual developer in the United States. It is used to process RESTful HTTP / HTTPS requests written in C. A code issue vulnerability exists in WatsonWebserver version 4.1.3 and earlier, and IpMatcher...

CVE-2022-28896

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1FW130B06 allows attackers to escalate privileges to root via a crafted payload...

PT-2022-3426 · Eaton · Eaton Intelligent Power Manager

Name of the Vulnerable Software and Affected Versions: Eaton Intelligent Power Manager IPM versions prior to 1.70 Description: The issue exists due to insufficient validation of input from certain resources by the IPM software, leading to stored Cross site scripting. An attacker would need access...

PT-2022-19298 · D Link · Dir-882

Name of the Vulnerable Software and Affected Versions: D-Link DIR882 version DIR882A1 FW130B06 Description: A command injection issue exists in the /setnetworksettings/SubnetMask component, allowing attackers to escalate privileges to root by sending a crafted payload. Recommendations: For versio...

CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

Input validation

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

Intelligent Power Protector 跨站脚本漏洞

Intelligent Power Protector is a Intelligent Power Program. A security vulnerability exists in Intelligent Power Protector versions prior to 1.69 that stems from insufficient validation of certain resource inputs by the IPP software. An attacker could exploit this vulnerability to access the loca...

GHSA-F9FQ-VJVH-779P Improper Input Validation in vault-ssh-helper

HashiCorp vault-ssh-helper github.com/hashicorp/vault-ssh-helper/helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...

Exploit for SQL Injection in Phpipam

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin u...

The vulnerability of the app/admin/routing/edit-bgp-mapping-search.php web application for managing IP addresses in phpipam allows a attacker to execute arbitrary SQL queries.

The vulnerability of the app/admin/routing/edit-bgp-mapping-search.php web application for managing IP addresses in phpipam lies in the lack of measures taken to protect the SQL query structure when processing the “subnet” parameter. Exploiting this vulnerability allows a malicious actor to execu...

Exploit for SQL Injection in Phpipam

CVE-2022-23046 The original discovery and manual PoC is from...

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...