Zenitel AlphaCom 安全漏洞

Zenitel AlphaCom is a critical communication server owned by the Norwegian company Zenitel. There is a security vulnerability in Zenitel AlphaCom, which allows attackers to read arbitrary files by modifying file path parameters to internal system paths...

Zenitel AlphaWeb XE 安全漏洞

Zenitel AlphaWeb XE is an embedded web server from Zenitel running on AlphaCom XE. A security vulnerability exists in Zenitel AlphaWeb XE version v11.2.3.10. An attacker can exploit the vulnerability to read arbitrary files on the application service...

CVE-2021-40845

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...

Design/Logic Flaw

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...

CVE-2021-40845

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...

CVE-2021-40845

Zenitel AlphaCom XE Audio Server (AlphaWeb XE) up to version 11.2.3.10 exposes an authenticated file-upload path in the Custom Scripts tab (php/index.php) that does not validate file content or extension. Uploaded files can execute PHP code under /cmd, enabling remote code execution when an attac...

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload Vulnerability

Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload. I. VULNERABILITY ------------------------- AlphaWeb XE - Authenticated Insecure File Upload leading to RCE II. CVE REFERENCE -------------------------...

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload

Exploit Title: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE CVE-2021-40845 Date: 09/09/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb CVE: CVE-2021-40845...

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload

I. VULNERABILITY ------------------------- AlphaWeb XE - Authenticated Insecure File Upload leading to RCE II. CVE REFERENCE ------------------------- CVE-2021-40845 III. VENDOR ------------------------- https://www.zenitel.com/ IV. DESCRIPTION ------------------------- The web part of Zenitel...

Zenitel AlphaCom XE Audio Server 代码问题漏洞

Zenitel AlphaCom XE Audio Server is a hybrid intercom system from Zenitel Norway. The system supports all VINGTOR-STENTOFON IP and analog intercom stations. A security vulnerability exists in Zenitel AlphaCom XE Audio Server that allows remote shell uploads...

Exploit for Unrestricted Upload of File with Dangerous Type in Zenitel Alphacom_Xe_Audio_Server

CVE-2021-40845 I. VULNERABILITY ------------------------- Alp...