120 matches found
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...
CVE-2021-31583
Affected software: Sipwise C5 NGCP WWW Admin (NGCP CE 3.0 era; also NGCP www_admin 3.6.7). Description and connected sources document multiple authenticated stored and reflected XSS vulnerabilities arising when input to several scripts/parameters is not properly sanitized. Confirmed vulnerable lo...
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery Vulnerability
Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin...
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
Sipwise C5 NGCP CSC 跨站请求伪造漏洞
Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site request forgery vulnerability exists in Sipwise C5 NGCP CSC 3.6.7, which can be exploited by an attacker for cross-site request forgery...
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version:...
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page:...
Weak Password Vulnerability in TP-LINK Archer C5
Archer C5 is a wireless router product. A weak password vulnerability exists in TP-LINK Archer C5. An attacker can exploit the vulnerability to log into the system backend and obtain sensitive information...
Cross site scripting
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9201211 beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N,...
TP-Link Routers Give Cyberattackers an Open Door to Business Networks
A firmware vulnerability in TP-Link Archer C5 v4 routers used in enterprise and home environments could allow unauthorized, remote access to the device with administrative privileges. The bug CVE-2017-7405 affects models that run firmware version 3.16.0 0.9.1 v600c.0 Build 180124 Rel.28919n. Firs...
Rockwell Automation DeviceLink - mini(1f) to conductor(5m) 1485D-A1FM5-C5 Discrete I/O
Binary data 752729.prm...
CVE-2018-19537
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
CVE-2018-19537
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
Default credentials
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
CVE-2018-19537
CVE-2018-19537 affects TP-Link Archer C5 devices (V2_160201_US and earlier) and allows remote command execution via shell metacharacters in the wan_dyn_hostname line of a configuration file. The file is encrypted with the key 478DA50BF9E3D2CF and uploaded through the web GUI by using a web admin ...
CVE-2018-19537
TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
TP-Link Archer C5 Remote Command Execution Vulnerability
TP-LINK Archer C5 is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link Archer C5 V2160201US and previous versions. The vulnerability can be exploited by an attacker to execute commands with the help of the 'wandynhostname' parameter of the configuration...
Concrete CMS: ProBlog 2.6.6 CSRF Exploit
Report Because the ProBlogs plugin did not validate the anti-csrf token on a POST request. A victim who is logged in could be fooled into clicking a malicious form styled to look like a link, image, etc which would create a page in their C5 website. Because the ProBlogs plugin does not validate t...