5 matches found
CVE-2023-25356
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...
CVE-2023-25356
CVE-2023-25356 affects CoreDial sipXcom up to and including 21.04. The issue is Improper Neutralization of Argument Delimiters in a Command via XMPP, allowing injection of arbitrary arguments into a system command, enabling reading and writing files on the sipXcom server and potentially remote co...
CVE-2023-25356
CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°)╯︵ ┻━┻ ヽ´ー`ノ /¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Product: sipXcom sipXopenfire Vendor: CoreDial Name: "sipXcom sipXopenfire XMPP message system command argument injection and insecure service file permissions RCE" Version:...
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined Exploit
CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root. ¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°)╯︵ ┻━┻ ヽ´ー`ノ /¯¯...