Lucene search
+L

120 matches found

Cvelist
Cvelist
added 2021/04/23 8:53 p.m.28 views

CVE-2021-31584

Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...

9AI score0.00926EPSS
Exploits3References5
Cvelist
Cvelist
added 2021/04/23 8:52 p.m.21 views

CVE-2021-31583

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...

5.6AI score0.01123EPSS
Exploits3References5
CVE
CVE
added 2021/04/23 8:52 p.m.59 views

CVE-2021-31583

Affected software: Sipwise C5 NGCP WWW Admin (NGCP CE 3.0 era; also NGCP www_admin 3.6.7). Description and connected sources document multiple authenticated stored and reflected XSS vulnerabilities arising when input to several scripts/parameters is not properly sanitized. Confirmed vulnerable lo...

5.4CVSS5.3AI score0.01123EPSS
Exploits3References5Affected Software1
0day.today
0day.today
added 2021/04/23 12:0 a.m.61 views

Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery Vulnerability

Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin...

0.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/04/23 12:0 a.m.127 views

Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities

Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...

5.4CVSS6.2AI score0.01123EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2021/04/23 12:0 a.m.148 views

Sipwise C5 NGCP CSC CSRF Click2Dial Exploit

Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...

8.8CVSS7.3AI score0.00926EPSS
Exploits3
CNNVD
CNNVD
added 2021/04/23 12:0 a.m.6 views

Sipwise C5 NGCP CSC 跨站请求伪造漏洞

Sipwise C5 NGCP CSC is an application system from Sipwise Austria. A core system for unified communications solutions. A cross-site request forgery vulnerability exists in Sipwise C5 NGCP CSC 3.6.7, which can be exploited by an attacker for cross-site request forgery...

8.8CVSS5.3AI score0.00926EPSS
Exploits3References6
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.436 views

Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)

Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.424 views

Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)

Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page:...

7.4AI score
Exploits0
CNVD
CNVD
added 2021/03/01 12:0 a.m.7 views

Weak Password Vulnerability in TP-LINK Archer C5

Archer C5 is a wireless router product. A weak password vulnerability exists in TP-LINK Archer C5. An attacker can exploit the vulnerability to log into the system backend and obtain sensitive information...

7AI score
Exploits0
Prion
Prion
added 2020/12/26 2:15 a.m.18 views

Cross site scripting

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9201211 beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N,...

7.5CVSS9.3AI score0.07643EPSS
Exploits3References4Affected Software1
ThreatPost
ThreatPost
added 2019/12/18 6:13 p.m.97 views

TP-Link Routers Give Cyberattackers an Open Door to Business Networks

A firmware vulnerability in TP-Link Archer C5 v4 routers used in enterprise and home environments could allow unauthorized, remote access to the device with administrative privileges. The bug CVE-2017-7405 affects models that run firmware version 3.16.0 0.9.1 v600c.0 Build 180124 Rel.28919n. Firs...

7.5CVSS9.4AI score0.01558EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.8 views

Rockwell Automation DeviceLink - mini(1f) to conductor(5m) 1485D-A1FM5-C5 Discrete I/O

Binary data 752729.prm...

7.3AI score
Exploits0
NVD
NVD
added 2018/11/26 3:29 a.m.16 views

CVE-2018-19537

TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...

9CVSS7.3AI score0.05984EPSS
Exploits1References1
OSV
OSV
added 2018/11/26 3:29 a.m.3 views

CVE-2018-19537

TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...

7.2CVSS5.9AI score0.05984EPSS
Exploits1References1
Prion
Prion
added 2018/11/26 3:29 a.m.17 views

Default credentials

TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...

9CVSS7.4AI score0.05984EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/26 3:0 a.m.49 views

CVE-2018-19537

CVE-2018-19537 affects TP-Link Archer C5 devices (V2_160201_US and earlier) and allows remote command execution via shell metacharacters in the wan_dyn_hostname line of a configuration file. The file is encrypted with the key 478DA50BF9E3D2CF and uploaded through the web GUI by using a web admin ...

9CVSS7.3AI score0.05984EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/26 3:0 a.m.26 views

CVE-2018-19537

TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...

7.4AI score0.05984EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/26 12:0 a.m.6 views

TP-Link Archer C5 Remote Command Execution Vulnerability

TP-LINK Archer C5 is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link Archer C5 V2160201US and previous versions. The vulnerability can be exploited by an attacker to execute commands with the help of the 'wandynhostname' parameter of the configuration...

9CVSS7.2AI score0.05984EPSS
Exploits1References1
Hacker One
Hacker One
added 2016/04/22 5:38 p.m.23 views

Concrete CMS: ProBlog 2.6.6 CSRF Exploit

Report Because the ProBlogs plugin did not validate the anti-csrf token on a POST request. A victim who is logged in could be fooled into clicking a malicious form styled to look like a link, image, etc which would create a page in their C5 website. Because the ProBlogs plugin does not validate t...

6.5AI score
Exploits0
Rows per page
Query Builder