Lucene search
K

49 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-4701

Malware in sbrugna...

7.5CVSS7.6AI score0.02461EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-19325

Malware in sbrugna...

9CVSS8.6AI score0.01565EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-6855

Malware in sbrugna...

7.8CVSS6.4AI score0.0121EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-6856

Malware in sbrugna...

5CVSS6.4AI score0.01064EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2008-6854

Malware in sbrugna...

4.3CVSS6.4AI score0.01065EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-6032

Malware in sbrugna...

7.8CVSS7.7AI score0.00369EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-6815

Malware in sbrugna...

6.5CVSS6.5AI score0.06168EPSS
Exploits4References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-19326

Malware in sbrugna...

9CVSS8.6AI score0.01613EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-32491

Malicious code in bioql PyPI...

9.8CVSS8.1AI score0.0608EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.5 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

9.8CVSS7.4AI score0.0608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.8 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

9CVSS7.1AI score0.01613EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.9 views

CVE-2019-13176

An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...

7.5CVSS6.7AI score0.02461EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 a.m.10 views

CVE-2019-14935

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link...

7.8CVSS7.3AI score0.00369EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:28 a.m.8 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

9CVSS7.1AI score0.01565EPSS
Exploits1References1
Prion
Prion
added 2022/06/07 6:15 p.m.20 views

Command injection

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

9CVSS8.7AI score0.01565EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/06/07 6:15 p.m.20 views

Command injection

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

9CVSS8.6AI score0.01613EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/06/07 5:57 p.m.61 views

CVE-2019-9972

The CVE-2019-9972 issue affects 3CX Phone System (Debian-based) version 16.0.0.1570, where an authenticated attacker can run arbitrary commands as the phonesystem user due to mishandling of a local input pattern: " followed by ". The vulnerability is a command injection in the PhoneSystem Termina...

9CVSS8.6AI score0.01613EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/07 5:57 p.m.24 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

8.7AI score0.01613EPSS
Exploits1References2
CVE
CVE
added 2022/06/07 5:56 p.m.64 views

CVE-2019-9971

The CVE-2019-9971 entry concerns PhoneSystem Terminal in 3CX Phone System (Debian-based installation) 16.0.0.1570. The issue is a privilege-escalation vulnerability where an attacker can gain root privileges by using sudo with the tcpdump command due to the -z (postrotate-command) option being un...

9CVSS8.7AI score0.01565EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/05/06 12:0 a.m.40 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

8.9AI score0.0608EPSS
Exploits0References4
Rows per page
Query Builder