Showing 1 - 1 of 1

CVE-2023-25356

Status Candidate

Overview

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.

Related Files

CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions: Posted Mar 7, 2023; Authored by Systems Research Group; CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root.; tags | exploit, root; advisories | CVE-2023-25355, CVE-2023-25356; SHA-256 | b306297e359b80aaed39f16e6cdc8e7a70a93aff1cb4084d52e8dfcfadc31596; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 247 files
Ubuntu 91 files
Gentoo 31 files
Debian 17 files
indoushka 12 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,465)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,354)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,678)
UNIX (9,430)
UnixWare (187)
Windows (6,667)
Other

CVE-2023-25356

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems