Lucene search
+L

66 matches found

The Hacker News
The Hacker News
added 2022/03/02 6:41 a.m.58 views

Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software

Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from Kerbit, an...

10CVSS4.8AI score0.49992EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2022/02/04 5:15 p.m.7 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

8.8CVSS7.7AI score0.01825EPSS
Exploits1References3
OSV
OSV
added 2022/02/04 5:15 p.m.5 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

8.8CVSS6AI score0.01825EPSS
Exploits1References2
NVD
NVD
added 2022/02/04 5:15 p.m.21 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

8.8CVSS0.01825EPSS
Exploits1References2
NVD
NVD
added 2022/02/04 5:15 p.m.24 views

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

9.8CVSS0.02001EPSS
Exploits1References2
OSV
OSV
added 2022/02/04 5:15 p.m.2 views

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

9.8CVSS7.6AI score0.49992EPSS
Exploits1References2
OSV
OSV
added 2022/02/04 5:15 p.m.4 views

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

9.8CVSS7.5AI score0.02001EPSS
Exploits1References2
NVD
NVD
added 2022/02/04 5:15 p.m.31 views

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

10CVSS0.49992EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/04 5:15 p.m.23 views

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

10CVSS7.5AI score0.49992EPSS
In wildExploits1References4
ATTACKERKB
ATTACKERKB
added 2022/02/04 5:15 p.m.7 views

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

9.8CVSS7.4AI score0.02001EPSS
Exploits1References3
Prion
Prion
added 2022/02/04 5:15 p.m.18 views

Cross site request forgery (csrf)

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

7.5CVSS9.3AI score0.02001EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/02/04 5:15 p.m.13 views

Command injection

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

6.5CVSS8.8AI score0.01825EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/02/04 5:15 p.m.16 views

Sql injection

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

10CVSS9.8AI score0.49992EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/02/04 4:10 p.m.57 views

CVE-2022-24262

VoIPmonitor GUI vulnerability CVE-2022-24262 affects the GUI prior to v24.96 where the config restore function does not validate restore archive files, enabling remote command execution via a crafted file in the web root. The issue stems from insufficient checks on archive formats during restore....

8.8CVSS9.2AI score0.01825EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 4:10 p.m.26 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

9.1AI score0.01825EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/02/04 4:10 p.m.28 views

CVE-2022-24259

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request...

9.6AI score0.02001EPSS
Exploits1References2
CVE
CVE
added 2022/02/04 4:10 p.m.77 views

CVE-2022-24259

VoIPmonitor GUI (cdr.php) contains an incorrect check in versions before 24.96, enabling an unauthenticated attacker to escalate privileges via a crafted request. Affected software: VoIPmonitor GUI; root cause: faulty access check in cdr.php leading to privilege escalation. Impact: unauthenticate...

9.8CVSS9.4AI score0.02001EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/02/04 4:10 p.m.185 views

CVE-2022-24260

Voipmonitor GUI contains a pre-auth SQL injection (CVE-2022-24260 ) in the API/utility paths (api.php and utilities.php) prior to v24.96 that allows an attacker to escalate to Administrator privileges and potentially extract data. The Nuclei template confirms the vulnerability class and affected ...

10CVSS9.8AI score0.49992EPSS
In wildExploits1References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 4:10 p.m.30 views

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

10AI score0.49992EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.8 views

Voipmonitor 授权问题漏洞

VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. Has a commercial front-end for the SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux. Voipmonitor suffers from a security vulnerability that stems from an error check in cdr.php, a component of the...

9.8CVSS8.5AI score0.02001EPSS
Exploits1References3
Rows per page
Query Builder