32 matches found
EUVD-2019-10480
Malware in sbrugna...
EUVD-2024-18166
Malicious code in bioql PyPI...
CVE-2024-20450
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...
CVE-2024-20454
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...
EUVD-2024-18165
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...
CVE-2024-20450
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...
The vulnerability in the web interface for controlling microprogrammed IP phones of the Cisco Small Business SPA500 series allows attackers to perform cross-site scripting attacks.
The vulnerability of the web interface for managing microprogrammed IP telephone systems from Cisco’s Small Business SPA500 series is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...
CVE-2023-20181
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the...
Input validation
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2023-20181
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the...
CVE-2023-20218
Cisco SPA500 Series ATAs web-based management interface is affected by CVE-2023-20218. Root cause: insufficient validation of user-supplied input in the web UI. Attack scenario: authenticated remote attacker can persuade a user to click a crafted link, enabling content modification in the browser...
CVE-2023-20218
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...
CVE-2023-20218
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...
Cisco Small Business SPA500 Series IP Phones HTML Injection Vulnerability
Cisco Small Business SPA500 Series IP Phones is an SPA500 series IP phone from Cisco USA. The Cisco Small Business SPA500 Series IP Phones suffer from an HTML injection vulnerability that can be exploited by an attacker to redirect users to potentially malicious websites by convincing them to cli...
Cisco Small Business SPA500 Series IP Phones Cross-Site Scripting Vulnerability
Cisco Small Business SPA500 Series IP Phones is an SPA500 series IP phone from Cisco USA. A cross-site scripting vulnerability exists in the Cisco Small Business SPA500 Series IP Phones, which can be exploited by an attacker to execute arbitrary script code in the context of an affected interface...
Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS or HTML injection attacks. For more information about these vulnerabilities, see the Details "details"...
PT-2022-6770 · Cisco · Cisco Small Business Spa500 Series Ip Phones
Name of the Vulnerable Software and Affected Versions: Cisco Small Business SPA500 Series IP Phones affected versions not specified Description: A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks. This...
Cisco Small Business SPA500 Series IP Phones Input Validation Error Vulnerability
Cisco Small Business SPA500 Series IP Phones is an SPA500 series IP phone from Cisco USA. An input validation error vulnerability exists in Cisco Small Business SPA500 Series IP Phones using firmware version 7.6.2SR5 and earlier. The vulnerability stems from the fact that the device comes with...
CVE-2019-15959
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...
CVE-2019-15959
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...