Search
Search Results (147 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16226 | 1 Mitel | 1 Mivoice Office 400 | 2024-11-21 | N/A |
| A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. | ||||
| CVE-2018-15497 | 1 Mitel | 2 Mivoice 5330e, Mivoice 5330e Firmware | 2024-11-21 | N/A |
| The Mitel MiVoice 5330e VoIP device is affected by memory corruption flaws in the SIP/SDP packet handling functionality. An attacker can exploit this issue remotely, by sending a particular pattern of SIP/SDP packets, to cause a denial of service state in the affected devices and probably remote code execution. | ||||
| CVE-2018-12901 | 1 Mitel | 2 St, St Firmware | 2024-11-21 | N/A |
| A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2017-16251 | 1 Mitel | 1 St14.2 | 2024-11-21 | N/A |
| A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | ||||
| CVE-2017-16250 | 1 Mitel | 1 St14.2 | 2024-11-21 | N/A |
| A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | ||||
| CVE-2016-6562 | 1 Mitel | 1 Shortel Mobility Client | 2024-11-21 | N/A |
| On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials. | ||||
| CVE-2024-30158 | 1 Mitel | 1 Micollab | 2024-10-25 | 7.2 High |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. | ||||