Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
3cx 3cx vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2019-9972
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated malicious user to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandl...
3cx Phone System Firmware 16.0.0.1570
Debian Debian Linux -
801
VMScore
CVE-2019-9971
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an malicious user to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when u...
3cx Phone System Firmware 16.0.0.1570
Debian Debian Linux -
694
VMScore
CVE-2008-6895
3CX Phone System 6.0.806.0 allows remote malicious users to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT.
3cx Phone System 6.0.806.0
668
VMScore
CVE-2019-12498
The WP Live Chat Support plugin prior to 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permission_check protection mechanism.
3cx Live Chat
668
VMScore
CVE-2019-11185
The WP Live Chat Support Pro plugin up to and including 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjun...
3cx Live Chat
668
VMScore
CVE-2018-12426
The WP Live Chat Support Pro plugin prior to 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.
3cx Live Chat
570
VMScore
CVE-2021-45490
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
3cx 3cx
454
VMScore
CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and previous versions and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulner...
Caphyon Advanced Installer
Realdefense Mypasslock 1.9.6
Realdefense Mycleanpc 4.0.2
Realdefense Mycleanid 4.1.4
Prusa3d Prusaslicer 2.4.2
Plagiarismcheckerx Plagiarism Checker X 8.0.6
Vigem Vigembus Driver 1.16.116
Nefarius Scptoolkit 1.6.238.16010
Moonsoftware Password Agent 20.10.1
Getmailbird Mailbird 2.9.50.0
Krylack Burning Suite 1.20.05
Krylack Rar Password Recovery 3.70.69
Krylack Volume Serial Number Editor 2.02.34
Krylack Zip Password Recovery 3.70.69
Krylack Asterisks Password Decryptor 3.31.107
Krylack Archive Password Recovery 3.70.69
Jpsoft Take Command 28.2.18
Jki Vi Package Manager 21.1.2754
Honeygain Honeygain 0.10.7.0
Guzogo Guzogo 1.0.5.0
Gamecaster Gamecaster 4.0.2109.2802
Gainedge Better Explorer 2020.3.15.1304
1 Github repository
445
VMScore
CVE-2022-28005
An issue exists in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server (via /Electron/download directory traversal in conjunction with a path component that ...
3cx 3cx
445
VMScore
CVE-2019-13176
An issue exists in the 3CX Phone system (web) management console 12.5.44178.1002 up to and including 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTT...
3cx 3cx 12.5.44178.1002
3cx 3cx 12.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »