17 matches found
EUVD-2026-32276
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
CVE-2026-35087
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
CVE-2026-35089
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...
CVE-2026-35089
Slican telephone exchanges expose admin credentials because the secure key is generated predictably from exchange properties without authentication. CVE-2026-35089 (and CVE-2026-35087) describe an unauthenticated path to deduce the secure key and gain admin access. Remediations (per affected entr...
Security vulnerabilities in multiple Slican products
Slican IPx, among others, are products of the Polish company Slican. Slican IPx is a series of enterprise communication and IP phone switching systems. Slican CCT is also a series of enterprise communication and IP phone switching systems. Slican MAC is a series of enterprise-level telephone...
PT-2026-43699
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
Security vulnerabilities in multiple Slican products
Slican NCP are products of the Polish company Slican. Slican NCP is an IP communication server. Slican IPx is a series of enterprise communication and IP phone switching systems. Slican CCT is also a series of enterprise communication and IP phone switching systems. Several Slican products have...
Security vulnerabilities in multiple Slican products
Slican IPL is a product of the Polish company Slican. Slican IPL is an Internet Protocol private branch exchange. Slican IPM is an IP phone exchange server. Slican CCT is a series of enterprise communication and IP phone exchange systems. Several Slican products have security vulnerabilities; the...
WordPress JetEngine plugin <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' Parameter vulnerability
Unauthenticated SQL Injection via '_cct_search' Parameter vulnerability discovered by hoshino in WordPress Plugin JetEngine versions <= 3.8.6.1...
CVE-2026-4352
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the _cct_search parameter being interpolated directly into a SQL query string via sprintf without sanitization or...
CVE-2026-4352
The CVE-2026-4352 entry affects the WordPress JetEngine plugin (versions ≤ 3.8.6.1). The vulnerability is an unauthenticated SQL Injection in the CCT REST API search endpoint via the _cct_search parameter, which is interpolated into a SQL string using sprintf() without sanitization or $wpdb->p...
WordPress plugin JetEngine SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2023-37759
The CVE-2023-37759 entry concerns Crypto Currency Tracker (CCT) prior to v9.5, where an improper access control in the User Registration page allows unauthenticated attackers to create an Admin account. The vulnerability is triggered via a crafted POST to /en/user/register (as shown in Exploit-DB...
Malicious code in @audi-cct/teaser-feature-app (npm)
Source: ghsa-malware c4bf5b9b172fa13a666e247c29ea5993af008cf7b6371aa719add1ac288724f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-91 Malicious code in @audi-cct/teaser-feature-app (npm)
Source: ghsa-malware c4bf5b9b172fa13a666e247c29ea5993af008cf7b6371aa719add1ac288724f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Capilano DesignWorks buffer overflow
Buffer overflow on .CCT file parsing...
DesignWorks Professional 4.3.1 - '.CCT' File Local Stack Buffer Overflow (PoC)
I'm Cn4phux + Application : DesignWorks Professional 4.3.1 + Application's Description : " DesignWorks...