32 matches found
3CX Client 信任管理问题漏洞
3CX is an IP PBX an IP-based corporate phone system based on software open standards that provides complete unified communications. A trust management issue vulnerability exists in 3CX Client, which stems from 3CX Client not properly validating TLS certificates. No detailed vulnerability details...
3CX Phone Elevation of Privilege Vulnerability
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone version 15 Windows that originates from the program assigning insecu...
CVE-2019-14935
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link...
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...
3CX Cross-Site Scripting Vulnerability
3CX is an IP telephony device from 3CX USA. A cross-site scripting vulnerability exists in the web server in 3CX version 15.5.8801.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
3CX Information Disclosure Vulnerability
3CX is an IP telephony device from 3CX USA. An information disclosure vulnerability exists in the web server in 3CX 15.5.8801.3. The vulnerability stems from a failure of the program to properly handle errors in the stack trace. An attacker could exploit this vulnerability to disclose information...
CVE-2018-14906
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters...
CVE-2018-14907
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...
3CX Device Path Traversal Vulnerability
3CX devices is an IP phone device from 3CX USA. A path traversal vulnerability exists in 3CX devices. The vulnerability can be exploited to access a file on the server by using the 'file' parameter in the /api/RecordingList/download?file=request...
CVE-2017-15359
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to...
3CX Phone System Directory Traversal Vulnerability
3CX Phone System is a unified communications solution that includes web conferencing, IP telephony, and cell phone clients.Management Console is one of the management console programs. A directory traversal vulnerability exists in Management Console in 3CX Phone System version 15.5.3554.1. An...