26 matches found
EUVD-2023-37910
Malicious code in bioql PyPI...
CVE-2023-33760
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack...
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...
CVE-2023-33760
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack...
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...
CVE-2023-33760
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack...
Design/Logic Flaw
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack...
Authentication flaw
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...
Cross site scripting
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...
PT-2024-12441 · Splicecom · Splicecom Maximiser Soft Pbx
Name of the Vulnerable Software and Affected Versions: SpliceCom Maximiser Soft PBX versions 1.5 and before Description: The issue allows attackers to eavesdrop on communications via a man-in-the-middle attack because the software utilizes a default SSL certificate. Recommendations: For SpliceCom...
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...
SpliceCom Maximiser Soft PBX Security Breach
Splicecom Maximiser Soft PBX is an IP phone. A security vulnerability exists in SpliceCom Maximiser Soft PBX v1.5 version and prior versions, which stems from Unrestricted Excessive Authentication Attempts UEAL, which allows an attacker to bypass authentication via brute force attack...
CVE-2023-33760
The CVE-2023-33760 entry concerns SpliceCom Maximiser Soft PBX, affected in version 1.5 and earlier. The root cause is the use of a default SSL certificate, which enables man-in-the-middle eavesdropping on communications. Impact is limited to confidentiality (C:H) with no integrity or availabilit...
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and earlier is affected by a cross-site scripting (XSS) vulnerability in the login component, exploitable via the CLIENT_NAME and DEVICE_GUID fields. The issue is documented across multiple sources (NVD/Red Hat/CVE lists) with a CVSSv3.1 base score of 6.1 (MEDIUM...
Splicecom Maximiser Soft PBX Security Breach
Splicecom Maximiser Soft PBX is an IP phone. A security vulnerability exists in Splicecom Maximiser Soft PBX v1.5 and prior versions, which stems from a cross-site scripting XSS vulnerability in the CLIENTNAME and DEVICEGUID fields in the login component...
CVE-2023-33759
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack...