CVE-2023-25356

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...

EUVD-2023-29313

Malicious code in bioql PyPI...

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

CVE-2023-25356

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

CVE-2023-25356

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

Command injection

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

CVE-2023-25356

CVE-2023-25356 affects CoreDial sipXcom up to and including 21.04. The issue is Improper Neutralization of Argument Delimiters in a Command via XMPP, allowing injection of arbitrary arguments into a system command, enabling reading and writing files on the sipXcom server and potentially remote co...

CVE-2023-25355

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root...

CVE-2023-25356

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leverage...

CVE-2023-25355

CoreDial sipXcom (sipXopenfire component) up to and including version 21.04 is affected by insecure permissions that allow a user who can run commands as the daemon user to overwrite a service file and escalate to root. The CVE description and multiple sources (NVD, Red Hat, PRION, PT-Security, a...

CoreDial sipXcom sipXopenfire 操作系统命令注入漏洞

CoreDial sipXcom sipXopenfire is a telecommunications application from CoreDial, Inc. An operating system command injection vulnerability exists in CoreDial sipXcom sipXopenfire version 21.04 and earlier, which stems from weak file permissions and can be exploited by an attacker to execute comman...

CoreDial sipXcom sipXopenfire 参数注入漏洞

CoreDial sipXcom sipXopenfire is a telecommunications application from CoreDial, Inc. A parameter injection vulnerability exists in CoreDial sipXcom sipXopenfire version 21.04 and earlier, which stems from the presence of operating system command parameter injection that can be exploited by an...

CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions

¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°）╯︵ ┻━┻ ヽ´ー｀ノ /¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Product: sipXcom sipXopenfire Vendor: CoreDial Name: "sipXcom sipXopenfire XMPP message system command argument injection and insecure service file permissions RCE" Version:...

PT-2023-2278 · Coredial · Sipxcom

Name of the Vulnerable Software and Affected Versions: CoreDial sipXcom versions up to and including 21.04 Description: The issue is related to Improper Neutralization of Argument Delimiters in a Command, allowing XMPP users to inject arbitrary arguments into a system command. This can be used to...