40 matches found
EUVD-2019-19325
Malware in sbrugna...
EUVD-2017-6815
Malware in sbrugna...
EUVD-2008-6855
Malware in sbrugna...
EUVD-2008-6854
Malware in sbrugna...
EUVD-2008-6856
Malware in sbrugna...
EUVD-2019-4701
Malware in sbrugna...
EUVD-2019-19326
Malware in sbrugna...
EUVD-2022-32491
Malicious code in bioql PyPI...
CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
CVE-2019-9972
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...
CVE-2019-9971
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...
Command injection
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...
Command injection
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...
CVE-2019-9972
The CVE-2019-9972 issue affects 3CX Phone System (Debian-based) version 16.0.0.1570, where an authenticated attacker can run arbitrary commands as the phonesystem user due to mishandling of a local input pattern: " followed by ". The vulnerability is a command injection in the PhoneSystem Termina...
CVE-2019-9972
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...
CVE-2019-9971
The CVE-2019-9971 entry concerns PhoneSystem Terminal in 3CX Phone System (Debian-based installation) 16.0.0.1570. The issue is a privilege-escalation vulnerability where an attacker can gain root privileges by using sudo with the tcpdump command due to the -z (postrotate-command) option being un...
CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
CVE-2022-28005
CVE-2022-28005 affects the 3CX Phone System Management Console prior to version 18 Update 3 FINAL on Windows. It allows an unauthenticated attacker to traverse the server via /Electron/download with backslash-using path components, leading to cleartext credential disclosure; a subsequent authenti...
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...