Dialogic

Powermedia Xms

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2018-11643

Exploit
  • EPSS 0.43%
  • Veröffentlicht 03.07.2018 17:29:01
  • Zuletzt bearbeitet 21.11.2024 03:43:45

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.

7.8

CVE-2018-11634

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:44

Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.

9.8

CVE-2018-11635

Exploit
  • EPSS 1.05%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:44

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.

8.8

CVE-2018-11636

Exploit
  • EPSS 0.2%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:44

Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.

7.5

CVE-2018-11637

Exploit
  • EPSS 0.36%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:44

Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.

9

CVE-2018-11638

Exploit
  • EPSS 2.27%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:44

Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.

8.1

CVE-2018-11639

Exploit
  • EPSS 0.45%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:45

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.

9.1

CVE-2018-11640

Exploit
  • EPSS 0.63%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:45

XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).

9.8

CVE-2018-11641

Exploit
  • EPSS 0.74%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:45

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.

7.8

CVE-2018-11642

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:45

Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.