108 matches found
BIT-OPENFIRE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
Innovaphone PBX Security Breach
Innovaphone PBX is an advanced and modern IP phone system from Innovaphone. A security vulnerability exists in Innovaphone PBX versions prior to 14r1, which stems from the vulnerability of passwords used for authentication to brute force attacks...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 16.7.2 and iPadOS version 16.7.2, which stems from the fact that...
CVE-2023-37190
A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature...
Apple iOS 和 iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and iPadOS, which originates from a file from the iCloud Shared by Me folder...
CVE-2019-9971
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...
CVE-2019-9972
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...
Command injection
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...
Command injection
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...
CVE-2019-9972
The CVE-2019-9972 issue affects 3CX Phone System (Debian-based) version 16.0.0.1570, where an authenticated attacker can run arbitrary commands as the phonesystem user due to mishandling of a local input pattern: " followed by ". The vulnerability is a command injection in the PhoneSystem Termina...
CVE-2019-9972
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...
CVE-2019-9971
The CVE-2019-9971 entry concerns PhoneSystem Terminal in 3CX Phone System (Debian-based installation) 16.0.0.1570. The issue is a privilege-escalation vulnerability where an attacker can gain root privileges by using sudo with the tcpdump command due to the -z (postrotate-command) option being un...
3CX Phone 命令注入漏洞
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone System version 16.0.0.1570, which stems from improper handling of so...
3CX Phone 安全漏洞
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone System version 16.0.0.1570, which stems from the -z aka...
CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
Directory traversal
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
3CX Phone system(web)management console 安全漏洞
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone system web management console version 18.0. An attacker could exploi...
CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
CVE-2022-28005
CVE-2022-28005 affects the 3CX Phone System Management Console prior to version 18 Update 3 FINAL on Windows. It allows an unauthenticated attacker to traverse the server via /Electron/download with backslash-using path components, leading to cleartext credential disclosure; a subsequent authenti...
Pascom Cloud Phone System Path Traversal Vulnerability
Pascom Cloud Phone System is a cloud phone system from Pascom. Used to provide integrated communication solutions for businesses and individuals, Pascom Cloud Phone System is vulnerable to a path traversal vulnerability that stems from a configuration error before nginx and the back-end server...