63 matches found
VoipMonitor <24.61 - Remote Code Execution
VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability. id: CVE-2021-30461 info: name: VoipMonitor 24.61 - Remote...
VoipMonitor - Pre-Auth SQL Injection
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. id: CVE-2022-24260 info: name: VoipMonitor - Pre-Auth SQL Injection author: gy741 severity: critical description: A SQL injection vulnerability in Voipmonitor GUI...
EUVD-2021-28436
Malicious code in bioql PyPI...
EUVD-2022-29166
Malicious code in bioql PyPI...
EUVD-2022-29169
Malicious code in bioql PyPI...
CVE-2022-24262
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...
CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
CVE-2022-24259
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...
CVE-2021-30461
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
VulnCheck KEV: CVE-2021-30461
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...
VulnCheck KEV: CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
VoIPmonitor SQL Injection Vulnerability (CNVD-2022-66404)
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. With a commercial front-end for SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux, VoIPmonitor version 24.61 is vulnerable to a SQL injection vulnerability caused by missing filter escaping for SQL...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
Sql injection
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
CVE-2021-41408
CVE-2021-41408 concerns VoIPmonitor WEB GUI (up to 24.61). The vulnerability is a SQL injection through the api.php endpoint via the user parameter, caused by missing input filtering/escaping. Exploitation could allow an attacker to execute arbitrary SQL commands and access stolen data, as indica...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
VoIPmonitor SQL注入漏洞
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. With a commercial front-end for SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux, VoIPmonitor version 24.61 is vulnerable to a SQL injection vulnerability caused by missing filter escaping for SQL...
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software
Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from Kerbit, an...