Lucene search
K

32 matches found

CNNVD
CNNVD
added 2022/03/21 12:0 a.m.4 views

3CX Client 信任管理问题漏洞

3CX is an IP PBX an IP-based corporate phone system based on software open standards that provides complete unified communications. A trust management issue vulnerability exists in 3CX Client, which stems from 3CX Client not properly validating TLS certificates. No detailed vulnerability details...

9.1CVSS5.5AI score0.0107EPSS
Exploits0References5
CNVD
CNVD
added 2019/08/13 12:0 a.m.5 views

3CX Phone Elevation of Privilege Vulnerability

The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in 3CX Phone version 15 Windows that originates from the program assigning insecu...

7.8CVSS6.8AI score0.00369EPSS
Exploits1References1
OSV
OSV
added 2019/08/12 12:15 a.m.4 views

CVE-2019-14935

3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link...

7.8CVSS7.1AI score0.00369EPSS
Exploits1References1
OSV
OSV
added 2019/08/08 2:15 p.m.4 views

CVE-2019-13176

An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...

7.5CVSS7.1AI score0.02461EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2019/08/08 2:15 p.m.2 views

CVE-2019-13176

An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...

7.5CVSS5.5AI score0.02461EPSS
Exploits1References3
CNVD
CNVD
added 2018/08/07 12:0 a.m.4 views

3CX Cross-Site Scripting Vulnerability

3CX is an IP telephony device from 3CX USA. A cross-site scripting vulnerability exists in the web server in 3CX version 15.5.8801.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00692EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/06 12:0 a.m.5 views

3CX Information Disclosure Vulnerability

3CX is an IP telephony device from 3CX USA. An information disclosure vulnerability exists in the web server in 3CX 15.5.8801.3. The vulnerability stems from a failure of the program to properly handle errors in the stack trace. An attacker could exploit this vulnerability to disclose information...

5.3CVSS5.1AI score0.00961EPSS
Exploits1References1
OSV
OSV
added 2018/08/03 6:29 p.m.4 views

CVE-2018-14906

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters...

6.1CVSS5.8AI score0.00692EPSS
Exploits1References1
OSV
OSV
added 2018/08/03 6:29 p.m.2 views

CVE-2018-14907

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname...

5.3CVSS5.8AI score0.00961EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/06 12:0 a.m.6 views

3CX Device Path Traversal Vulnerability

3CX devices is an IP phone device from 3CX USA. A path traversal vulnerability exists in 3CX devices. The vulnerability can be exploited to access a file on the server by using the 'file' parameter in the /api/RecordingList/download?file=request...

6.5CVSS6.9AI score0.02423EPSS
Exploits0References1
OSV
OSV
added 2017/10/18 6:29 p.m.4 views

CVE-2017-15359

In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to...

6.5CVSS5.8AI score0.06168EPSS
Exploits4References2
CNVD
CNVD
added 2017/10/17 12:0 a.m.62 views

3CX Phone System Directory Traversal Vulnerability

3CX Phone System is a unified communications solution that includes web conferencing, IP telephony, and cell phone clients.Management Console is one of the management console programs. A directory traversal vulnerability exists in Management Console in 3CX Phone System version 15.5.3554.1. An...

6.5CVSS6.6AI score0.06168EPSS
Exploits4References1
Rows per page
Query Builder