Lucene search
+L

108 matches found

OSV
OSV
added 2024/03/06 10:59 a.m.14 views

BIT-OPENFIRE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

9.8CVSS9.3AI score0.208EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

Innovaphone PBX Security Breach

Innovaphone PBX is an advanced and modern IP phone system from Innovaphone. A security vulnerability exists in Innovaphone PBX versions prior to 14r1, which stems from the vulnerability of passwords used for authentication to brute force attacks...

6.5CVSS6.9AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.2 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 16.7.2 and iPadOS version 16.7.2, which stems from the fact that...

7.8CVSS7.2AI score0.00262EPSS
Exploits0References5
OSV
OSV
added 2023/07/11 2:15 a.m.3 views

CVE-2023-37190

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...

4.8CVSS5.9AI score0.00482EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.5 views

Apple iOS 和 iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and iPadOS, which originates from a file from the iCloud Shared by Me folder...

9.8CVSS7.5AI score0.00726EPSS
Exploits0References5
OSV
OSV
added 2022/06/07 6:15 p.m.3 views

CVE-2019-9971

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

8.8CVSS5.7AI score0.01565EPSS
Exploits1References3
OSV
OSV
added 2022/06/07 6:15 p.m.4 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

8.8CVSS7.4AI score0.01613EPSS
Exploits1References2
Prion
Prion
added 2022/06/07 6:15 p.m.20 views

Command injection

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

9CVSS8.6AI score0.01613EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/06/07 6:15 p.m.21 views

Command injection

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...

9CVSS8.7AI score0.01565EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/06/07 5:57 p.m.61 views

CVE-2019-9972

The CVE-2019-9972 issue affects 3CX Phone System (Debian-based) version 16.0.0.1570, where an authenticated attacker can run arbitrary commands as the phonesystem user due to mishandling of a local input pattern: " followed by ". The vulnerability is a command injection in the PhoneSystem Termina...

9CVSS8.6AI score0.01613EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/07 5:57 p.m.24 views

CVE-2019-9972

PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...

8.7AI score0.01613EPSS
Exploits1References2
CVE
CVE
added 2022/06/07 5:56 p.m.64 views

CVE-2019-9971

The CVE-2019-9971 entry concerns PhoneSystem Terminal in 3CX Phone System (Debian-based installation) 16.0.0.1570. The issue is a privilege-escalation vulnerability where an attacker can gain root privileges by using sudo with the tcpdump command due to the -z (postrotate-command) option being un...

9CVSS8.7AI score0.01565EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/06/07 12:0 a.m.4 views

3CX Phone 命令注入漏洞

The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone System version 16.0.0.1570, which stems from improper handling of so...

9CVSS8.1AI score0.01613EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/07 12:0 a.m.5 views

3CX Phone 安全漏洞

The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone System version 16.0.0.1570, which stems from the -z aka...

9CVSS7.7AI score0.01565EPSS
Exploits1References3
NVD
NVD
added 2022/05/06 3:15 p.m.29 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

9.8CVSS0.0613EPSS
Exploits0References4
Prion
Prion
added 2022/05/06 3:15 p.m.19 views

Directory traversal

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

5CVSS8.3AI score0.0613EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/05/06 12:0 a.m.5 views

3CX Phone system(web)management console 安全漏洞

The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone system web management console version 18.0. An attacker could exploi...

9.8CVSS7.9AI score0.0613EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/05/06 12:0 a.m.43 views

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

8.9AI score0.0613EPSS
Exploits0References4
CVE
CVE
added 2022/05/06 12:0 a.m.128 views

CVE-2022-28005

CVE-2022-28005 affects the 3CX Phone System Management Console prior to version 18 Update 3 FINAL on Windows. It allows an unauthenticated attacker to traverse the server via /Electron/download with backslash-using path components, leading to cleartext credential disclosure; a subsequent authenti...

9.8CVSS8.2AI score0.0613EPSS
In wildExploits0References4Affected Software1
CNVD
CNVD
added 2022/03/22 12:0 a.m.38 views

Pascom Cloud Phone System Path Traversal Vulnerability

Pascom Cloud Phone System is a cloud phone system from Pascom. Used to provide integrated communication solutions for businesses and individuals, Pascom Cloud Phone System is vulnerable to a path traversal vulnerability that stems from a configuration error before nginx and the back-end server...

9.8CVSS3.2AI score0.208EPSS
Exploits1References1
Rows per page
Query Builder