28 matches found
Pascom CPS Server-Side Request Forgery
Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...
Pascom CPS - Local File Inclusion
Pascom packaged with Cloud Phone System CPS versions before 7.20 contain a known local file inclusion vulnerability. id: CVE-2021-45968 info: name: Pascom CPS - Local File Inclusion author: dwisiswant0 severity: high description: | Pascom packaged with Cloud Phone System CPS versions before 7.20...
CVE-2021-45966
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...
BIT-OPENFIRE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
VulnCheck KEV: CVE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
Pascom Cloud Phone System OS Command Injection Vulnerability
Pascom Cloud Phone System is a cloud phone system from Pascom. An operating system command injection vulnerability exists in Pascom Cloud Phone System, which stems from the failure of /services/apply in exd.pl to properly filter the special elements of the construct snippet, which can be exploite...
Pascom Cloud Phone System Path Traversal Vulnerability
Pascom Cloud Phone System is a cloud phone system from Pascom. Used to provide integrated communication solutions for businesses and individuals, Pascom Cloud Phone System is vulnerable to a path traversal vulnerability that stems from a configuration error before nginx and the back-end server...
Pascom Cloud Phone System Server Request Forgery Vulnerability
Pascom Cloud Phone System is a cloud-based phone system from Pascom. A server request forgery vulnerability exists in Pascom Cloud Phone System, which stems from the product's failure to properly validate user input and could be exploited by attackers to probe server intranet resources...
CVE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
CVE-2021-45968
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...
CVE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
CVE-2021-45968
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...
CVE-2021-45966
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...
CVE-2021-45966
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...
Server side request forgery (ssrf)
An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...
Code injection
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...
Path traversal
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
CVE-2021-45967
Pascom Cloud Phone System before 7.20.x is affected by a path traversal vulnerability caused by a configuration mismatch between NGINX and the backend Tomcat, exposing unintended endpoints. Multiple connected sources corroborate a pre-7.20.x issue with path traversal (and related exposure). Remed...
CVE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...
CVE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...