28 matches found
EUVD-2018-17546
Malware in sbrugna...
EUVD-2018-17547
Malware in sbrugna...
EUVD-2018-17548
Malware in sbrugna...
Mitel Connect Mobility Router Cross-Site Request Forgery Vulnerability
Mitel Connect Mitel ShoreTel is a software for office communication from Mitel Canada. The software provides access to corporate contacts, support for selecting contacts to open conferences, and an interface to manage calls and voicemail. A security vulnerability exists in Mitel Connect Mobility...
The vulnerability of the “page parameter” in Mitel Connect OnSite conference call systems allows a intruder to inject any desired web script or HTML code.
The vulnerability of the page parameter in Mitel Connect OnSite communication systems is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web scripts or HTML code remotely...
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage:...
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage: https://www.mitel.com/ Version: 19.49.5200.0 and very likely many...
The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.
The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to inject arbitrary code into the generated PHP files and execute it using specially crafte...
The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.
The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems relates to improper code generation. Exploiting this vulnerability allows an attacker to inject arbitrary code into the generated PHP file and execute it using specially crafted requests to th...
The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.
The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems relates to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the generated PHP files and execute it using specially...
The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.
The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems is related to improper code generation. Exploiting this vulnerability allows an attacker to inject arbitrary code into the generated PHP files and execute it using specially crafted requests t...
Mitel Connect ONSITE and Mitel ST conferencing component PHP vulnerabilities
Mitel Connect ONSITE and Mitel ST are both products of Mitel Corporation of Canada.Mitel Connect ONSITE is a unified communications management appliance.ST is a video conferencing product.conferencing component is one of the components with conferencing capabilities. A security vulnerability exis...
Mitel Connect ONSITE and Mitel ST conferencing component PHP vulnerability (CNVD-2018-07949)
Mitel Connect ONSITE and Mitel ST are both products of Mitel Corporation of Canada.Mitel Connect ONSITE is a unified communications management appliance.ST is a video conferencing product.conferencing component is one of the components with conferencing capabilities. A security vulnerability exis...
Mitel Connect ONSITE and Mitel ST conferencing component PHP vulnerability (CNVD-2018-07950)
Mitel Connect ONSITE and Mitel ST are both products of Mitel Corporation of Canada.Mitel Connect ONSITE is a unified communications management appliance.ST is a video conferencing product.conferencing component is one of the components with conferencing capabilities. A security vulnerability exis...
Mitel Connect ONSITE and Mitel ST conferencing component PHP vulnerability (CNVD-2018-07952)
Mitel Connect ONSITE and Mitel ST are both products of Mitel Corporation of Canada.Mitel Connect ONSITE is a unified communications management appliance.ST is a video conferencing product.conferencing component is one of the components with conferencing capabilities. A security vulnerability exis...
CVE-2018-5780
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...
CVE-2018-5779
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...
CVE-2018-5781
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...
CVE-2018-5782
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...
Security feature bypass
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...