32 matches found
EUVD-2017-7446
Malware in sbrugna...
EUVD-2017-7445
Malware in sbrugna...
CVE-2018-12901
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...
Cross site scripting
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...
CVE-2018-12901
CVE-2018-12901 affects Mitel ST 14.2 (GA29, 19.49.9400.0) and earlier. The vulnerability is a reflected cross-site scripting (XSS) flaw in the signin.php page caused by insufficient input validation. An unauthenticated attacker could exploit this to execute arbitrary scripts in the victim’s brows...
CVE-2018-12901
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...
Cross site scripting
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
Sql injection
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...
CVE-2018-9101
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
CVE-2018-9101
Summary: CVE-2018-9101 is a reflected XSS vulnerability in the Mitel MiVoice Connect conferencing component. The issue affects Mitel MiVoice Connect versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2 GA27 (19.49.5200.0) and earlier. Root cause: insufficient validation on the la...
CVE-2018-9103
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
CVE-2018-9103
A CVE entry for CVE-2018-9103 describes a reflected cross-site scripting (XSS) vulnerability in Mitel MiVoice Connect’s conferencing component. Affected products are Mitel MiVoice Connect (R1707-PREM SP1 / 21.84.5535.0 and earlier) and Mitel ST (14.2 GA27 / 19.49.5200.0 and earlier). The issue ar...
CVE-2018-9104
Mit el MiVoice Connect conferencing component is affected by CVE-2018-9104. Affected versions: Mitel MiVoice Connect R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2 GA27 (19.49.5200.0) and earlier. Issue: unauthenticated attacker can trigger a reflected cross-site scripting (XSS) due...
CVE-2018-5782
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...
Security feature bypass
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...
Security feature bypass
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...
CVE-2018-5780
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...
CVE-2018-5781
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...
CVE-2018-5779
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...
CVE-2018-5782
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...