Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11638 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | |||||
| CVE-2018-11641 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | |||||
| CVE-2018-11635 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | |||||
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | |||||
| CVE-2018-11642 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | |||||
| CVE-2018-11637 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. | |||||
| CVE-2018-11636 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | |||||
| CVE-2018-11639 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
| Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | |||||
| CVE-2018-11640 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | |||||
| CVE-2018-11634 | 1 Dialogic | 1 Powermedia Xms | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | |||||