Filtered by vendor Dialogic
Subscriptions
Filtered by product Powermedia Xms
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | ||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | ||||
| CVE-2018-11641 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | ||||
| CVE-2018-11640 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | ||||
| CVE-2018-11639 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | ||||
| CVE-2018-11638 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | ||||
| CVE-2018-11637 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. | ||||
| CVE-2018-11636 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | ||||
| CVE-2018-11635 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | ||||
| CVE-2018-11634 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | ||||
Page 1 of 1.