2 matches found
CVE-2016-10512
The CVE affects MultiTech FaxFinder prior to 4.1.2, where passwords used for testing LDAP connectivity are stored unencrypted. The credentials can be retrieved by the system when the LDAP configuration page is opened and are embedded in the HTML source in cleartext, creating high-risk exposure of...
CVE-2018-17562
CVE-2018-17562 affects Multi-Tech FaxFinder prior to 5.1.6. The flaw is a SQL Injection through a URI endpoint (status/call_details?oid=), enabling an attacker to extract the underlying database schema and reveal other fax server information via additional injection points. Documented CVSS detail...