65 matches found
EUVD-2014-0758
Malware in sbrugna...
EUVD-2017-2575
Malware in sbrugna...
CVE-2024-0840
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840 Grandstream UCM Series IP PBX HTTP Parameter Injection
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and...
CVE-2024-0840
CVE-2024-0840 affects Grandstream UCM Series IP PBX firmware versions prior to 1.0.20.52 (UCM6202/6204/6208/6510). A parameter injection vulnerability in the HTTP interface allows a remote, authenticated attacker to execute arbitrary code by sending a crafted HTTP request; authentication may be possible ...
PT-2024-15859 · Grandstream · Grandstream Ucm Series Ip Pbx
Name of the Vulnerable Software and Affected Versions: Grandstream UCM Series IP PBX versions prior to 1.0.20.52 Description: The issue is related to a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP...
Grandstream UCM Series IP PBX Security Vulnerability
The Grandstream UCM Series is a series of IP PBX devices from Grandstream. A security vulnerability exists in the Grandstream UCM Series IP PBX prior to firmware version 1.0.20.52, which originates from a vulnerability that allows an authenticated remote attacker to execute arbitrary code by...
CVE-2022-33704
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities...
Command Execution Vulnerability in UCM Collaborative Communication Platform of Beijing Zhongchuang Vision Technology Co. Ltd (CNVD-2021-43039)
Ltd. is a high-tech company specializing in the research and development of video conference system hardware and software. A command execution vulnerability exists in the UCM collaborative communication platform of Beijing Zhongchuang Vision Technology Co., Ltd, which can be exploited by an...
SUSE SLED15 / SLES15 Security Update : gnome-settings-daemon, gnome-shell (SUSE-SU-2020:3132-1)
This update for gnome-settings-daemon, gnome-shell fixes the following issues : gnome-settings-daemon : Add support for recent UCM related changes in ALSA and PulseAudio. jscSLE-16518 Don't warn when a default source or sink is missing and the PulseAudio daemon is restarting. jscSLE-16518 Don't...
openSUSE Security Update : gnome-settings-daemon / gnome-shell (openSUSE-2020-1861)
This update for gnome-settings-daemon, gnome-shell fixes the following issues : gnome-settings-daemon : - Add support for recent UCM related changes in ALSA and PulseAudio. jscSLE-16518 - Don't warn when a default source or sink is missing and the PulseAudio daemon is restarting. jscSLE-16518 -...
Security update for gnome-settings-daemon, gnome-shell (moderate)
openSUSE Security Update: Security update for gnome-settings-daemon, gnome-shell Announcement ID: openSUSE-SU-2020:1861-1 Rating: moderate References: 1172760 1175155 Cross-References: CVE-2020-17489 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata ...
CVE-2020-3135
CVE-2020-3135 affects Cisco Unified Communications Manager (UCM) web-based management interface. Root cause: insufficient CSRF protections in the UI allow an unauthenticated, remote attacker to lure a user into a malicious link, enabling arbitrary actions with the targeted user’s privileges. Impa...
CVE-2020-3177
Cisco UCS CUCM and SME TAPS path traversal (CVE-2020-3177) is due to insufficient validation of input to the TAPS interface, enabling an unauthenticated attacker to trigger directory traversal and read arbitrary files. Affected components include the Tool for Auto-Registered Phones Support (TAPS)...
CVE-2020-3177 Cisco Unified Communications Manager Path Traversal Vulnerability
A vulnerability in the Tool for Auto-Registered Phones Support TAPS of Cisco Unified Communications Manager UCM and Cisco Unified Communications Manager Session Management Edition SME could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The...
Grandstream UCM Detection Consolidation
Consolidation of Grandstream UCM detections. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if description...
UCM6202 1.0.18.13 - Remote Command Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-1549)
The openSUSE Leap 42.3 kernel was updated to 4.4.165-81.1 to receive various bugfixes. The following non-security bugs were fixed : - 9p locks: fix glock.clientid leak in dolock bnc1012382. - 9p: clear dangling pointers in p9statfree bnc1012382. - ACPI / LPSS: Add alternative ACPI HIDs for Cherry...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.165-81.1 to receive various bugfixes. The following non-security bugs were fixed: - 9p locks: fix glock.clientid leak in dolock bnc1012382. - 9p: clear dangling pointers in p9statfree bnc1012382. - ACPI / LPSS: Add alternative ACPI HIDs for Cherry...