WALL OF SHEEP

WHAT IS THE WALL OF SHEEP?

Traditionally, the Wall of Sheep is an interactive demonstration of what can happen when network users let their guard down. We passively observe the traffic on a network, looking for evidence of users logging into email, web sites, or other network services without the protection of encryption. Those we find get put on the Wall of Sheep as a good-natured reminder that a malicious person could do the same thing we did . . . with far less friendly consequences. More importantly, we strive to educate the “sheep” we catch to prevent leaks in the future.

Now I use the term Wall of Sheep to denote the list of security issues that were “passively” observed when I am enjoying my security research as well as ethical hacking.

SHEEPS I CAUGHT

CVE-2020-6639 mongo-express denial of service

CVE-2019-10805 valib inspection bypass

CVE-2019-10790 taffyDB universal SQL Injection

CVE-2019-20149 kind-of type checking manipulation

CVE-2019-10781 schema-inspector validation bypass

CVE-2019-19729 bson-objectid ID forging

CVE-2019-19507 jpv validation violation

CVE-2019-18954 pomelo internal state manipulation

CVE-2019-2391 mongodb query condition abuse

CVE-2019-18608 cezerin unauthorized order modification

CVE-2019-18413 class-validator bypass

CVE-2019-17426 mongoose query condition abuse

CVE-2019-13623 Ghidra arbitrary code execution

CVE-2019-13624 ONOS remote command execution

CVE-2018-1132 Opendaylight’s SDNInterfaceapp module SQL injection.

CVE-2018-15595 Opendaylight’s TSDR Module Denial of Service

CVE-2018-1999020 ONOS Controller Directory Traversal

CVE-2018-1000614 ONOS Controller Notification XXE

CVE-2018-1000615 ONOS Controller OVSDB Remote Denial of Service

CVE-2018-1000616 ONOS Controller XMLCONFIGPARSER XXE

CVE-2018-1000617 Atlassian Floodlight Controller Remote Denial of Service

CVE-2018-1000163 Atlassian Floodlight Controller Web Console Cross-Site Scripting