66 matches found
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software
Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from Kerbit, an...
CVE-2022-24262
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...
CVE-2022-24262
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...
CVE-2022-24262
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...
CVE-2022-24259
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...
CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
CVE-2022-24259
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...
CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
CVE-2022-24259
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...
Cross site request forgery (csrf)
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...
Command injection
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...
Sql injection
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
CVE-2022-24262
VoIPmonitor GUI vulnerability CVE-2022-24262 affects the GUI prior to v24.96 where the config restore function does not validate restore archive files, enabling remote command execution via a crafted file in the web root. The issue stems from insufficient checks on archive formats during restore....
CVE-2022-24262
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...
CVE-2022-24259
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...
CVE-2022-24259
VoIPmonitor GUI (cdr.php) contains an incorrect check in versions before 24.96, enabling an unauthenticated attacker to escalate privileges via a crafted request. Affected software: VoIPmonitor GUI; root cause: faulty access check in cdr.php leading to privilege escalation. Impact: unauthenticate...
CVE-2022-24260
Voipmonitor GUI contains a pre-auth SQL injection (CVE-2022-24260 ) in the API/utility paths (api.php and utilities.php) prior to v24.96 that allows an attacker to escalate to Administrator privileges and potentially extract data. The Nuclei template confirms the vulnerability class and affected ...
CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...
Voipmonitor 授权问题漏洞
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. Has a commercial front-end for the SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux. Voipmonitor suffers from a security vulnerability that stems from an error check in cdr.php, a component of the...