21 matches found
EUVD-2024-53749
Malicious code in bioql PyPI...
EUVD-2024-53748
Malicious code in bioql PyPI...
CVE-2024-57784
An issue in the component /php/scriptuploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal...
CVE-2024-57785
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amcuploads.php...
CVE-2024-57785
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amcuploads.php...
CVE-2024-57784
An issue in the component /php/scriptuploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal...
Exploit for CVE-2024-57784
CVE-2024-57784 Exploit Title: Authenticated Directory...
Exploit for CVE-2024-57785
CVE-2024-57785 Exploit Title: Authenticated File Incl...
CVE-2024-57784
An issue in the component /php/scriptuploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal...
CVE-2024-57785
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amcuploads.php...
Zenitel AlphaWeb XE 安全漏洞
Zenitel AlphaWeb XE is an embedded web server from Zenitel running on AlphaCom XE. A security vulnerability exists in Zenitel AlphaWeb XE version v11.2.3.10, which stems from a local file inclusion vulnerability discovered via the component amcuploads.php...
CVE-2024-57785
Zenitel AlphaWeb XE v11.2.3.10 is affected by a local file inclusion in the amc_uploads.php component. The CVE-2024-57785 entry notes a LFI vulnerability with network attack vector, requiring high privileges and no user interaction, and it exposes confidentiality risk (C:H/I:N/A:N; CVSS 3.1: 4.9 ...
Zenitel AlphaWeb XE 安全漏洞
Zenitel AlphaWeb XE is an embedded web server from Zenitel running on AlphaCom XE. A security vulnerability exists in Zenitel AlphaWeb XE version v11.2.3.10. An attacker can exploit the vulnerability to read arbitrary files on the application service...
PT-2025-3572 · Zenitel · Zenitel Alphaweb Xe
Name of the Vulnerable Software and Affected Versions: Zenitel AlphaWeb XE version 11.2.3.10 Description: The issue is related to a local file inclusion vulnerability. It affects the component amc uploads.php. There is no information provided about the estimated number of potentially affected...
CVE-2024-57784
CVE-2024-57784 targets Zenitel AlphaWeb XE v11.2.3.10, in the component /php/script_uploads.php, enabling a directory traversal. The issue is documented across multiple feeds as an arbitrary file read vulnerability within the web service’s script_uploads.php path. Public exploit activity exists (...
CVE-2024-57785
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amcuploads.php...
CVE-2024-57784
An issue in the component /php/scriptuploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal...
PT-2025-3571 · Zenitel · Zenitel Alphaweb Xe
Name of the Vulnerable Software and Affected Versions: Zenitel AlphaWeb XE version 11.2.3.10 Description: An issue in the component /php/script uploads.php allows attackers to execute a directory traversal. Recommendations: For Zenitel AlphaWeb XE version 11.2.3.10, consider restricting access to...
CVE-2021-40845
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...
AlphaWeb XE - File Upload Remote Code Execution (Authenticated) Exploit
Exploit Title: AlphaWeb XE - File Upload Remote Code Execution RCE Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb Example: python3 CVE-2021-40845.py -u "http://$ip:80/" -c "whoami" Referenc...