41 matches found
EUVD-2023-12532
Malicious code in bioql PyPI...
EUVD-2023-12536
Malicious code in bioql PyPI...
EUVD-2022-33672
Malicious code in bioql PyPI...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
CVE-2023-0486
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS...
CVE-2023-0480
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...
CVE-2022-29330
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors...
The vulnerability of the Task Manager module of the VitalPBX unified communication system allows a hacker to execute arbitrary commands.
The vulnerability of the Task Manager module of the VitalPBX unified communication system is related to errors in access control due to insufficient protection of service data during script processing from the /var/lib/vitalpbx directory. Exploiting this vulnerability allows a remote attacker to...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
Design/Logic Flaw
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
CVE-2024-24386
CVE-2024-24386 affects VitalPBX v3.2.4-5. An attacker can run arbitrary code via a crafted payload to /var/lib/vitalpbx/scripts, caused by insufficient protection when processing a script from that directory (per PT-Security/Red Hat/NVD entries). Impact is high: remote code execution. Remediation...
VitalPBX Security Breach
VitalPBX is an Asterisk-based unified communications PBX system. A security vulnerability exists in VitalPBX version v.3.2.4-5 that originates from a vulnerability that allows an attacker to execute arbitrary code via a crafted payload...
CVE-2024-24386
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...
PT-2024-1831 · Vitalpbx · Vitalpbx
Name of the Vulnerable Software and Affected Versions: VitalPBX versions 3.2.4 through 3.2.5 Description: The issue is related to insufficient protection of service data when processing a script from the /var/lib/vitalpbx directory, allowing an attacker to execute arbitrary code via a crafted...
CVE-2023-0480
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...
CVE-2023-0486
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS...
CVE-2023-0480
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF...
CVE-2023-0486
VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS...