28 matches found
EUVD-2007-3424
Malware in sbrugna...
EUVD-2008-1258
Malware in sbrugna...
EUVD-2008-1257
Malware in sbrugna...
EUVD-2008-1259
Malware in sbrugna...
EUVD-2007-3425
Malware in sbrugna...
EUVD-2008-1256
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Memory corruption
snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service application crash and corruption of call logs via a "'; double quote, quote, close parenthesis, semicolon sequence in the "Call a number" field...
CVE-2008-1250
Multiple cross-site request forgery CSRF vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence...
CVE-2008-1248
The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence...
CVE-2008-1251
Cross-site scripting XSS vulnerability in the web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440...
CVE-2008-1250
Multiple cross-site request forgery CSRF vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence...
CVE-2008-1248
The web interface on the central phone server for the Snom 320 SIP Phone allows remote attackers to make arbitrary phone calls via the "Call a number" field. NOTE: this might overlap CVE-2007-3440...
CVE-2008-1249
snomControl.swf in the central phone server for the Snom 320 SIP Phone allows remote attackers to cause a denial of service application crash and corruption of call logs via a "'; double quote, quote, close parenthesis, semicolon sequence in the "Call a number" field...
CVE-2008-1250
The CVE-2008-1250 case concerns the web interface of the central phone server in the Snom 320 SIP Phone. It describes multiple CSRF vulnerabilities that allow remote attackers to perform actions as the phone user, demonstrated by inserting an address-book entry containing an XSS sequence. The ava...
CVE-2008-1251
The CVE-2008-1251 entry concerns a Cross-site Scripting (XSS) vulnerability in the web interface of the central phone server for the Snom 320 SIP Phone. The vulnerability could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Per the connected data, the CVSS ...
CVE-2008-1248
The affected product is the Snom 320 SIP Phone. The vulnerability exists in the web interface (web server on port 1800) that allows remote attackers to place calls to arbitrary numbers via the "Call a number" field. Root cause details are not explicitly provided in the documents beyond this behav...
CVE-2007-3439
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800...