8 matches found

NVD
added 2021/09/15 1:15 p.m., 14 views

CVE-2021-40845

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...

CVSS 8.8, EPSS 0.26958
Exploits: 7, References: 4

Prion
added 2021/09/15 1:15 p.m., 22 views

Design/Logic Flaw

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...

CVSS 6.5, AI score 8.8, EPSS 0.26958
Exploits: 7, References: 4, Affected Software: 1

CVE
added 2021/09/15 12:39 p.m., 95 views

CVE-2021-40845

Zenitel AlphaCom XE Audio Server (AlphaWeb XE) up to version 11.2.3.10 exposes an authenticated file-upload path in the Custom Scripts tab (php/index.php) that does not validate file content or extension. Uploaded files can execute PHP code under /cmd, enabling remote code execution when an attac...

CVSS 8.8, AI score 8.8, EPSS 0.26958
Exploits: 7, References: 4, Affected Software: 1

Cvelist
added 2021/09/15 12:39 p.m., 18 views

CVE-2021-40845

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...

AI score 9.2, EPSS 0.26958
Exploits: 7, References: 4

0day.today
added 2021/09/15 12:0 a.m., 407 views

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload Vulnerability

Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload.
I. VULNERABILITY: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE
II. CVE REFERENCE...

CVSS 8.8, AI score 0.1, EPSS 0.26958
Exploits: 7

Packet Storm
added 2021/09/15 12:0 a.m., 200 views

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload

Exploit Title: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE CVE-2021-40845
Date: 09/09/2021
Exploit Author: Ricardo Ruiz @ricardojoserf
Vendor website: https://www.zenitel.com/
Product website: https://wiki.zenitel.com/wiki/AlphaWeb
CVE: CVE-2021-40845...

EPSS 0.26958
Exploits: 7

Packet Storm
added 2021/09/14 12:0 a.m., 248 views

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload

I. VULNERABILITY: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE
II. CVE REFERENCE: CVE-2021-40845
III. VENDOR: https://www.zenitel.com/
IV. DESCRIPTION: The web part of Zenitel...

AI score 0.2, EPSS 0.26958
Exploits: 7

GithubExploit
added 2021/09/10 10:23 a.m., 156 views

Exploit for Unrestricted Upload of File with Dangerous Type in Zenitel Alphacom_Xe_Audio_Server

CVE-2021-40845
I. VULNERABILITY: Alp...

CVSS 8.8, AI score 9, EPSS 0.26958
Exploits: 7