dialogic powermedia xms 3.5 vulnerabilities and exploits
187
VMScore
CVE-2018-11634
Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS prior to 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.
Dialogic Powermedia Xms
Dialogic Powermedia Xms 3.5
383
VMScore
CVE-2018-11639
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS prior to 3.5 SU2 allows remote malicious users to access a user's password in cleartext.
Dialogic Powermedia Xms
Dialogic Powermedia Xms 3.5
605
VMScore
CVE-2018-11636
Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS up to and including 3.5 allows remote malicious users to execute malicious and unauthorized actions.
Dialogic Powermedia Xms
578
VMScore
CVE-2018-11643
SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS up to and including 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.
Dialogic Powermedia Xms
641
VMScore
CVE-2018-11642
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS up to and including 3.5 allows local users to execute code as the root user.
Dialogic Powermedia Xms
668
VMScore
CVE-2018-11641
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS up to and including 3.5 allows remote malicious users to interact with a web service.
Dialogic Powermedia Xms
570
VMScore
CVE-2018-11640
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS prior to 3.5 SU2 allows remote malicious users to read arbitrary files or cause a denial of service (resource consumption).
Dialogic Powermedia Xms
445
VMScore
CVE-2018-11637
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS up to and including 3.5 allows remote malicious users to read arbitrary files from the /var/ directory because a symlink exists under the web root.
Dialogic Powermedia Xms
801
VMScore
CVE-2018-11638
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS up to and including 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.
Dialogic Powermedia Xms
668
VMScore
CVE-2018-11635
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS up to and including 3.5 allows remote malicious users to bypass authentication.
Dialogic Powermedia Xms