119 matches found
EUVD-2015-2780
Malware in sbrugna...
EUVD-2018-10983
Malware in sbrugna...
EUVD-2017-5516
Malware in sbrugna...
EUVD-2021-30831
Malicious code in bioql PyPI...
Hackers Targeting VoIP Servers By Exploiting Digium Phone Software
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system,...
Quicklert for Digium SQL Injection Vulnerability
Quicklert is an easy-to-use messaging, alerting, and emergency response solution from Quicklert USA, Inc. Quicklert for Digium version 10.0.0 is vulnerable to SQL injection, which originates from the login.jsp page. The vulnerability stems from the application's lack of validation of externally...
CVE-2021-43970
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 1043 via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated low privileged attacker to execute remote code on the target server within the context of...
CVE-2021-43969
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
CVE-2021-43970
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 1043 via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated low privileged attacker to execute remote code on the target server within the context of...
CVE-2021-43969
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
Sql injection
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
Privilege escalation
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 1043 via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated low privileged attacker to execute remote code on the target server within the context of...
Quicklert SQL注入漏洞
Quicklert is an easy-to-use messaging, alerting, and emergency response solution from Quicklert USA, Inc. Quicklert for Digium version 10.0.0 is vulnerable to SQL injection, which originates from the login.jsp page. The vulnerability stems from the application's lack of validation of externally...
Quicklert 代码问题漏洞
Quicklert is an easy-to-use messaging, alerting and emergency response solution from Quicklert USA. Save lives and provide business continuity through early detection, intelligent real-time alerts and response. A security vulnerability exists in Quicklert for Digium 10.0.0 that allows an...
CVE-2021-43970
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 1043 via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated low privileged attacker to execute remote code on the target server within the context of...
CVE-2021-43970
The CVE-2021-43970 entry describes an arbitrary file upload vulnerability in Quicklert for Digium 10.0.0 (1043), exploitable via a crafted .mp3;.jsp filename that begins with audio data bytes in albumimages.jsp. An authenticated, low-privilege attacker can upload such a file and execute remote co...
CVE-2021-43969
The CVE-2021-43969 entry concerns Quicklert for Digium 10.0.0 (1043). The vulnerability is a SQL injection in login.jsp (uname parameter) that enables Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Impact described in sources is disclosure of all data ...
CVE-2021-43969
The login.jsp page of Quicklert for Digium 10.0.0 1043 is affected by both Blind SQL Injection with Out-of-Band Interaction DNS and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database up to and including the administrative accounts' login IDs and...
Digium Certified Asterisk 安全漏洞
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. This number is a duplicate of CNNVD-201911-1291, the relevant content has been removed, pleas...
CVE-2021-26906
An issue was discovered in respjsipsession.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...