108 matches found
Pascom CPS Server-Side Request Forgery
Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...
CVE-2026-12223
The CVE affects Yealink SIP-T46U with firmware 108.86.0.118, specifically the Web FastCGI Service component. The vulnerability lies in the mod_webd.TFTPUploadIperf function within /api/inner/tftpuploadiperf, where manipulating the ip/port argument leads to command injection. Exploitation is descr...
Asterisk 跨站脚本漏洞
Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. Versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2 have cross-site scripting vulnerabilities. These vulnerabilities stem from...
EUVD-2008-6856
Malware in sbrugna...
EUVD-2019-4701
Malware in sbrugna...
EUVD-2008-6854
Malware in sbrugna...
EUVD-2019-19326
Malware in sbrugna...
EUVD-2008-6855
Malware in sbrugna...
EUVD-2017-6815
Malware in sbrugna...
EUVD-2019-19325
Malware in sbrugna...
EUVD-2022-32491
Malicious code in bioql PyPI...
Asterisk 安全漏洞
Asterisk is an Asterisk open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk version 20.15.2 and versions prior to 22.5.2 have a security vulnerability that stems from the getauthorizationheader function returning NULL resultin...
CVE-2023-22279
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command...
CVE-2022-28005
An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...
CVE-2021-45966
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...
CVE-2019-9972
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of " followed by " mishandling...
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...
CVE-2019-9971
PhoneSystem Terminal in 3CX Phone System Debian based installation 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z aka postrotate-command option to tcpdump can be unsafe when used in conjunction with sud...
WombatDialer 安全漏洞
WombatDialer is a powerful predictive dialer for Asterisk PBX from WombatDialer. A security vulnerability exists in WombatDialer versions prior to 25.02 that stems from mishandling of cookie sessions, leading to session identity disclosure...
Asterisk 安全漏洞
Asterisk is an Asterisk open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk v22 has a security vulnerability that originates from the execution of arbitrary code via the actioncreateconfig function...