Powermedia Xms

powermedia_xms

Vendor: Dialogic • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-11643 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.
CVE-2018-11642 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
CVE-2018-11641 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.
CVE-2018-11640 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).
CVE-2018-11639 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's pas...Show more Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.Show less
CVE-2018-11638 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.
CVE-2018-11637 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.
CVE-2018-11636 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.
CVE-2018-11635 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypa...Show more Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.Show less
CVE-2018-11634 1Dialogic 1Powermedia Xms Nov 21, 2024 Jul 3, 2018 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default....Show more Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.Show less