WALL OF SHEEP
WHAT IS THE WALL OF SHEEP?
Traditionally, the Wall of Sheep is an interactive demonstration of what can happen when network users let their guard down. We passively observe the traffic on a network, looking for evidence of users logging into email, web sites, or other network services without the protection of encryption. Those we find get put on the Wall of Sheep as a good-natured reminder that a malicious person could do the same thing we did . . . with far less friendly consequences. More importantly, we strive to educate the “sheep” we catch to prevent leaks in the future.
Now I use the term Wall of Sheep to denote the list of security issues that were “passively” observed while I am enjoying my security research as well as ethical hacking.
SHEEP I CAUGHT
CVE-2020-6639 mongo-express denial of service
CVE-2019-10805 valib inspection bypass
CVE-2019-10790 taffyDB universal SQL Injection
CVE-2019-20149 kind-of type checking manipulation
CVE-2019-10781 schema-inspector validation bypass
CVE-2019-19729 bson-objectid ID forging
CVE-2019-19507 jpv validation violation
CVE-2019-18954 pomelo internal state manipulation
CVE-2019-2391 mongodb query condition abuse
CVE-2019-18608 cezerin unauthorized order modification
CVE-2019-18413 class-validator bypass
CVE-2019-17426 mongoose query condition abuse
CVE-2019-13623 Ghidra arbitrary code execution
CVE-2019-13624 ONOS remote command execution
CVE-2018-1132 OpenDaylight’s SDNInterfaceapp module SQL injection
CVE-2018-15595 OpenDaylight’s TSDR Module Denial of Service
CVE-2018-1999020 ONOS Controller Directory Traversal
CVE-2018-1000614 ONOS Controller Notification XXE
CVE-2018-1000615 ONOS Controller OVSDB Remote Denial of Service
CVE-2018-1000616 ONOS Controller XMLCONFIGPARSER XXE
CVE-2018-1000617 Atlassian Floodlight Controller Remote Denial of Service
CVE-2018-1000163 Atlassian Floodlight Controller Web Console Cross-Site Scripting