Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-7445

Malware in sbrugna...

5.3CVSS5.5AI score0.0087EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-7446

Malware in sbrugna...

9CVSS8.8AI score0.01787EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/09/08 12:0 a.m.7 views

The vulnerability of the conference communication component of the Mitel ST 14.2 telecommunications system, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the conference communication component in Mitel ST 14.2 telecommunications systems is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

6.1CVSS6.1AI score0.01124EPSS
Exploits0References5
NVD
NVD
added 2018/10/23 9:30 p.m.17 views

CVE-2018-12901

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...

6.1CVSS6.1AI score0.01124EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/10/23 9:0 p.m.26 views

CVE-2018-12901

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...

6.2AI score0.01124EPSS
Exploits0References1
Prion
Prion
added 2018/04/25 8:29 p.m.12 views

Cross site scripting

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...

4.3CVSS6.1AI score0.01052EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/04/25 8:29 p.m.23 views

CVE-2018-9101

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...

6.1CVSS6.1AI score0.01052EPSS
Exploits0References2
Prion
Prion
added 2018/04/25 8:29 p.m.18 views

Sql injection

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...

4.3CVSS6.7AI score0.01073EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2018/04/25 8:0 p.m.61 views

CVE-2018-9101

Summary: CVE-2018-9101 is a reflected XSS vulnerability in the Mitel MiVoice Connect conferencing component. The issue affects Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2 GA27 (19.49.5200.0) and earlier. Root cause: insufficient validation on the la...

6.1CVSS6.1AI score0.01052EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2018/03/14 4:29 p.m.20 views

Security feature bypass

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...

10CVSS9.6AI score0.0277EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2018/03/14 4:29 p.m.23 views

CVE-2018-5780

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

10CVSS9.7AI score0.01763EPSS
Exploits0References1
NVD
NVD
added 2018/03/14 4:29 p.m.27 views

CVE-2018-5781

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...

10CVSS9.7AI score0.01763EPSS
Exploits0References1
NVD
NVD
added 2018/03/14 4:29 p.m.26 views

CVE-2018-5779

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...

10CVSS9.7AI score0.0277EPSS
Exploits0References1
CVE
CVE
added 2018/03/14 4:0 p.m.39 views

CVE-2018-5779

Mit el Connect ONSITE (R1711-PREM and earlier) and Mitel ST (14.2 GA28 and earlier) contain a conferencing-component vulnerability that allows an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute it via specially crafted requests, enabling arbitr...

10CVSS9.6AI score0.0277EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2018/03/14 4:0 p.m.27 views

CVE-2018-5780

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

9.7AI score0.01763EPSS
Exploits0References1
CVE
CVE
added 2018/03/14 4:0 p.m.74 views

CVE-2018-5782

CVE-2018-5782 affects Mitel Connect ONSITE (ShoreTel) ST14.2 and Mitel ST, specifically versions including and prior to GA28. The vulnerability is in the conferencing component and allows an unauthenticated attacker to inject and execute arbitrary PHP code via crafted requests to vsethost.php, re...

10CVSS9.7AI score0.19715EPSS
Exploits4References3Affected Software2
NVD
NVD
added 2018/03/13 7:29 p.m.22 views

CVE-2017-16250

A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names...

5.3CVSS5.2AI score0.0087EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/13 7:0 p.m.28 views

CVE-2017-16251

A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of th...

8.7AI score0.01787EPSS
Exploits0References1
Rows per page
Query Builder