21 matches found
EUVD-2018-8073
Malware in sbrugna...
EUVD-2018-8069
Malware in sbrugna...
EUVD-2018-8070
Malware in sbrugna...
CVE-2018-16221
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 does not validate escape the path information path traversal, which allows an authenticated remote attacker to get access to privileged information e.g., /etc/passwd via path traversal relative path...
CVE-2018-16217
The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...
CVE-2018-16218
A CSRF Cross Site Request Forgery in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim...
Command injection
The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...
CVE-2018-16221
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 does not validate escape the path information path traversal, which allows an authenticated remote attacker to get access to privileged information e.g., /etc/passwd via path traversal relative path...
CVE-2018-16217
The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...
CVE-2018-16221
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 does not validate escape the path information path traversal, which allows an authenticated remote attacker to get access to privileged information e.g., /etc/passwd via path traversal relative path...
Path traversal
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 does not validate escape the path information path traversal, which allows an authenticated remote attacker to get access to privileged information e.g., /etc/passwd via path traversal relative path...
CVE-2018-16217
The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...
CVE-2018-16218
A CSRF Cross Site Request Forgery in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim...
Cross site request forgery (csrf)
A CSRF Cross Site Request Forgery in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim...
CVE-2018-16218
A CSRF Cross Site Request Forgery in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim...
CVE-2018-16221
The CVE-2018-16221 affects the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35). The diagnostics web interface does not validate/escape path information, enabling path traversal via the file parameter of a POST request. This authenticated attacker can access privileged files (e.g., ...
CVE-2018-16221
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 does not validate escape the path information path traversal, which allows an authenticated remote attacker to get access to privileged information e.g., /etc/passwd via path traversal relative path...
CVE-2018-16218
The CVE-2018-16218 entry concerns a CSRF vulnerability in the web interface of the Yealink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35. The issue allows a remote attacker to trigger code execution or settings modification by sending a crafted link to the victim. The root cause is a CSRF w...
CVE-2018-16218
A CSRF Cross Site Request Forgery in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim...
CVE-2018-16217
The CVE-2018-16217 issue affects the YaHoo? Actually Yeahlink Ultra-elegant IP Phone SIP-T41P, firmware 66.83.0.35. The vulnerability is in the network diagnostic function (ping). A remote authenticated attacker can trigger OS commands or open a reverse shell via command injection. Root cause is ...