18 matches found
EUVD-2017-7445
Malware in sbrugna...
EUVD-2017-7446
Malware in sbrugna...
The vulnerability of the conference communication component of the Mitel ST 14.2 telecommunications system, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the conference communication component in Mitel ST 14.2 telecommunications systems is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
CVE-2018-12901
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...
CVE-2018-12901
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...
Cross site scripting
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
CVE-2018-9101
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
Sql injection
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...
CVE-2018-9101
Summary: CVE-2018-9101 is a reflected XSS vulnerability in the Mitel MiVoice Connect conferencing component. The issue affects Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2 GA27 (19.49.5200.0) and earlier. Root cause: insufficient validation on the la...
Security feature bypass
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...
CVE-2018-5780
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...
CVE-2018-5781
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...
CVE-2018-5779
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...
CVE-2018-5779
Mit el Connect ONSITE (R1711-PREM and earlier) and Mitel ST (14.2 GA28 and earlier) contain a conferencing-component vulnerability that allows an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute it via specially crafted requests, enabling arbitr...
CVE-2018-5780
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...
CVE-2018-5782
CVE-2018-5782 affects Mitel Connect ONSITE (ShoreTel) ST14.2 and Mitel ST, specifically versions including and prior to GA28. The vulnerability is in the conferencing component and allows an unauthenticated attacker to inject and execute arbitrary PHP code via crafted requests to vsethost.php, re...
CVE-2017-16250
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names...
CVE-2017-16251
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of th...