123 matches found
CVE-2023-51924
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file...
PT-2024-14325 · Yonbip · Yonbip
Name of the Vulnerable Software and Affected Versions: YonBIP version 3_23.05. Description: An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface allows attackers to execute arbitrary code via uploading a crafted file. Recommendations: For YonBIP version 3...
CVE-2023-40046
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...
CVE-2023-40046 WS_FTP Server SQL Injection via Administrative Interface
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...
PT-2023-6494 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS_FTP Server versions prior to 8.7.4; WS_FTP Server versions prior to 8.8.2. Description: A SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and content...
The vulnerability of the application software interface of the Cisco Catalyst SD-WAN Manager allows an attacker to disclose sensitive information or alter the configuration of the Cisco Catalyst SD-WAN Manager instances.
The vulnerability of the application software interface of the Cisco Catalyst SD-WAN Manager is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information or alter the configuration of the Cisco Catalyst...
CVE-2023-26567
Sangoma FreePBX 1805 through 2302 when obtained as a .ISO file places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database MariaDB/MySQL and Asterisk Manager Interface. For example, an attack...
CVE-2023-26567
Sangoma FreePBX versions 1805–2302 (ISO install) expose plaintext credentials by placing AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the Asterisk Global Variables list. The issue enables retrieval of credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface via ...
SUSE CVE-2007-2294
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference...
SUSE CVE-2012-4558
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...
Path Traversal
Asterisk is vulnerable to Path Traversal. A vulnerability in the Asterisk Manager Interface allows an attacker to access files outside the asterisk configuration directory...
DEBIAN-CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
ALPINE-CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
PT-2022-26511 · Sangoma +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions 16.28 and earlier, 17, 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. Description: An issue was discovered in Sangoma Asterisk that allows a connected application to access files outside of the...
CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
Dell EMC PowerStore Security Vulnerability
Dell EMC PowerStore is a storage device from Dell Inc. in the United States. The PowerStore Manager GUI component of Dell EMC PowerStore contains a security vulnerability that stems from not reasonably limiting the number of authentication attempts, which allows an unauthenticated remote...
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...