17 matches found
EUVD-2025-16371
Malicious code in bioql PyPI...
CVE-2025-48047
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...
CVE-2025-48047
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...
CVE-2025-48047 MICI Network Co. Ltd. NetFax Server Command Injection
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...
CVE-2025-48047
CVE-2025-48047: The affected product is NetFax Server. An authenticated user can trigger a command injection through unsanitized input to the ping functionality exposed at /test.php. Root cause: improper sanitization of input in the ping endpoint allows execution of arbitrary commands on the server. ...
CVE-2025-48047 MICI Network Co. Ltd. NetFax Server Command Injection
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...
CVE-2025-48046 MICI Network Co. Ltd. NetFax Server Disclosure of Stored Passwords in Cleartext
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint...
CVE-2025-48046 MICI Network Co. Ltd. NetFax Server Disclosure of Stored Passwords in Cleartext
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint...
CVE-2025-48045 MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...
CVE-2025-48045 MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...
PT-2025-23149 · Mici Network Co. · Netfax Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated HTTP GET request to the "/client.php" endpoint will disclose the default administrator user credentials. Recommendations: At the moment, there is no information about a...
PT-2025-23150 · Mici Network Co. · Netfax Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the "/config.php" endpoint. Recommendations: At the moment, there is no...
MICI NetFax Server Security Vulnerability
MICI NetFax Server is a product suite from China's MICI Corporation (MICI) designed to receive fax messages to user mailboxes via e-mail traffic. A security vulnerability exists in MICI NetFax Server versions prior to 3.0.1.0, which stems from insufficient sanitization of inputs to the ping feature of...
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...
MICI NetFax Server Security Vulnerability
MICI NetFax Server is a product suite from China's MICI Corporation (MICI) designed to receive fax messages to user mailboxes via e-mail traffic. A security vulnerability exists in MICI NetFax Server versions prior to 3.0.1.0, which originates from the possibility that an authenticated user could...
MICI NetFax Server Security Vulnerability
MICI NetFax Server is a product suite from China's MICI Corporation (MICI) designed to receive fax messages to user mailboxes via e-mail traffic. A security vulnerability exists in MICI NetFax Server versions prior to 3.0.1.0, which stems from an unauthenticated HTTP GET request that could disclose...
PT-2025-23151 · Unknown · Netfax Server
Name of the Vulnerable Software and Affected Versions: NetFax Server affected versions not specified Description: An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the "/test.php" endpoint. Recommendations: At the moment, there...