CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Dialogic PowerMedia XMS is a highly scalable, software-only media server that supports standards-based, real-time multimedia communication solutions for mobile and broadband environments. An XML external entity injection vulnerability exists in the Web services in Dialogic PowerMedia XMS 3.5 and...

9.1CVSS9.2AI score0.01892EPSS

Exploits1References1

CNVD•added 2018/07/04 12:0 a.m.•2 views

Dialogic PowerMedia XMS Cross-Site Request Forgery Vulnerability

Dialogic PowerMedia XMS is a highly scalable, software-only media server that supports standards-based, real-time multimedia communication solutions for mobile and broadband environments. A cross-site request forgery vulnerability exists in the management console of Dialogic PowerMedia XMS 3.5 an...

8.8CVSS8.8AI score0.00644EPSS

Exploits1References1

CNVD•added 2018/07/04 12:0 a.m.•2 views

Dialogic PowerMedia XMS password plaintext storage vulnerability (CNVD-2019-19212)

Dialogic PowerMedia XMS is a suite of software multimedia servers for real-time communications from Dialogic, Inc. that provide real-time multimedia communication solutions for IMS, MRF, enterprise and WebRTC applications. A password plaintext storage vulnerability exists in the...

8.1CVSS8.3AI score0.01107EPSS

Exploits1References1

CNVD•added 2018/07/04 12:0 a.m.•2 views

Dialogic PowerMedia XMS Password Plaintext Storage Vulnerability

Dialogic PowerMedia XMS is a suite of software multimedia servers for real-time communications from Dialogic, Inc. that provide real-time multimedia communication solutions for IMS, MRF, enterprise and WebRTC applications. A security vulnerability in the management console in Dialogic PowerMedia...

7.8CVSS7.6AI score0.00392EPSS

Exploits1References1

CNVD•added 2018/07/04 12:0 a.m.•2 views

Dialogic PowerMedia XMS Information Disclosure Vulnerability

Dialogic PowerMedia XMS is a highly scalable, software-only media server that supports standards-based, real-time multimedia communication solutions for mobile and broadband environments. An information disclosure vulnerability exists in the management console of Dialogic PowerMedia XMS 3.5 and...

7.5CVSS7.3AI score0.0205EPSS

Exploits1References1

CNVD•added 2018/07/04 12:0 a.m.•2 views

Dialogic PowerMedia XMS File Unrestricted Upload Vulnerability

Dialogic PowerMedia XMS is a suite of software multimedia servers for real-time communications from Dialogic, Inc. that provide real-time multimedia communication solutions for IMS, MRF, enterprise and WebRTC applications. A security vulnerability exists in the management console of Dialogic...

9CVSS7.3AI score0.04098EPSS

Exploits1References1

OSV•added 2018/07/03 5:29 p.m.•4 views

CVE-2018-11643

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter...

8.8CVSS6.1AI score0.01364EPSS

Exploits1References1

Prion•added 2018/07/03 5:29 p.m.•14 views

Code injection

Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db...

2.1CVSS7.4AI score0.00392EPSS

Exploits1References1Affected Software1

Prion•added 2018/07/03 5:29 p.m.•19 views

Default credentials

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext...

4.3CVSS8.1AI score0.01107EPSS

Exploits1References1Affected Software1

OSV•added 2018/07/03 5:29 p.m.•2 views

CVE-2018-11636

Cross-site request forgery CSRF vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions...

8.8CVSS5.9AI score0.00644EPSS

Exploits1References1

NVD•added 2018/07/03 5:29 p.m.•16 views

CVE-2018-11640

XML External Entity XXE vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service resource consumption...

9.1CVSS9.1AI score0.01892EPSS

Exploits1References1

NVD•added 2018/07/03 5:29 p.m.•15 views

CVE-2018-11635

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication...

9.8CVSS9.5AI score0.01999EPSS

Exploits1References1

NVD•added 2018/07/03 5:29 p.m.•13 views

CVE-2018-11634

7.8CVSS7.5AI score0.00392EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by