EUVD-2019-10584

Malware in sbrugna...

EUVD-2019-10582

Malware in sbrugna...

CVE-2019-20028

Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface...

CVE-2019-20026

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request...

CVE-2019-20026

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request...

CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

CVE-2019-20028

Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface...

Design/Logic Flaw

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request...

CVE-2019-20029

CVE-2019-20029 describes an exploitable privilege-escalation in the WebPro functionality of Aspire-derived NEC PBXes, affecting all versions of SV8100, SV9100, SL1100 and SL2100. A specially crafted HTTP POST can elevate privileges to a higher privileged account, including an undocumented develop...

CVE-2019-20028

CVE-2019-20028 affects NEC PBXes running InMail (all SV8100/SV9100/SL1100/SL2100 variants) where the WebPro administration interface allows unauthenticated read-only access to voicemails, greetings, and voice response system content. The root cause is an unauthenticated exposure via WebPro; impac...

CVE-2019-20026

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request...

CVE-2019-20026

CVE-2019-20026 describes a vulnerability in the WebPro interface of NEC SV9100 software releases 7.0 and above, where unauthenticated remote attackers can reset all existing usernames and passwords to default values via a crafted request. The Red Hat entry corroborates this issue. The available d...

NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration

Title: NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration Author: Cold z3ro Date: 2020-05-04 Homepage: https://www.0x30.cc/ Vendor Homepage: https://www.nec.com Version: 01.03.01 Discription: NEC SL2100 NEC Electra Elite IPK II WebPro Session Enumeration = $maxproc while pcntlwaitpid0...

NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration Exploit

Exploit for hardware platform in category web applications Title: NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration Author: Cold z3ro Homepage: https://www.0x30.cc/ Vendor Homepage: https://www.nec.com Version: 01.03.01 Discription: NEC SL2100 NEC Electra Elite IPK II WebPro Session...

NEC Electra Elite IPK II WebPro 01.03.01 Session Enumeration

Title: NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration Author: Cold z3ro Date: 2020-05-04 Homepage: https://www.0x30.cc/ Vendor Homepage: https://www.nec.com Version: 01.03.01 Discription: NEC SL2100 NEC Electra Elite IPK II WebPro Session Enumeration = $maxproc while pcntlwaitpid0...

Information disclosure

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=&GOTO8 URIs...

CVE-2018-11741

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=&GOTO8 URIs...

CVE-2018-11742

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI...

CVE-2018-11742

NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI...

CVE-2018-11741

CVE-2018-11741 affects NEC Univerge Sv9100 WebPro 6.00.00. The vulnerability is predictable session IDs that can disclose account information via Home.htm?sessionId=#####&GOTO(8). Affected component is the WebPro web interface; root cause is predictable session identifiers. Impact per documents i...