23 matches found
EUVD-2020-25201
Malware in sbrugna...
EUVD-2020-25185
Malware in sbrugna...
Unisoon UltraLog Express SQL Injection Vulnerability
Unisoon UltraLog Express is a telephone recording system from Unisoon, Taiwan, China. A SQL injection vulnerability exists in the administration interface in Unisoon UltraLog Express. The vulnerability stems from the lack of validation of externally entered SQL statements in database-based...
Unisoon UltraLog Express Sensitive Data Disclosure Vulnerability
Unisoon UltraLog Express is a telephone recording system from Unisoon, Taiwan, China. A security vulnerability exists in Unisoon UltraLog Express, which is caused by the management software storing user information in plaintext. The vulnerability can be exploited by an attacker to gain access to...
CVE-2020-3936
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command...
CVE-2020-3921
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page...
CVE-2020-3920
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory...
CVE-2020-3920
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory...
CVE-2020-3936
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command...
CVE-2020-3921
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page...
Information disclosure
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page...
Directory traversal
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory...
CVE-2020-3921 Unisoon UltraLog Express - Sensitive Data Exposure
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page...
CVE-2020-3921 Unisoon UltraLog Express - Sensitive Data Exposure
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page...
CVE-2020-3936 Unisoon UltraLog Express - SQL Injection
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command...
CVE-2020-3921
The CVE-2020-3921 entry concerns Unisoon UltraLog Express device management software that stores user information in cleartext, enabling access to account data via a specific page. Multiple connected sources corroborate: the vulnerability is a data disclosure due to plaintext storage in the Ultra...
CVE-2020-3936 Unisoon UltraLog Express - SQL Injection
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command...
CVE-2020-3936
The CVE-2020-3936 issue concerns the UltraLog Express device management interface from Unisoon. Affected component: the device management interface that fails to properly filter user-inputted strings in specific parameters, enabling SQL injection. Root cause: lack of input validation/filtering le...
CVE-2020-3920 Unisoon UltraLog Express - Broken Authentication
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory...
CVE-2020-3920
CVE-2020-3920 affects the UltraLog Express device management interface (Unisoon) where access authentication is not properly enforced on certain pages/functions, enabling any user to reach a privileged page for managing accounts via a system directory. Multiple sources (NVD, CNVD, CVE records, an...