Chris Castaldo

#12628of 53,639
21.4Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2009-2363
4.3
2009-08-03
3Cx · 3Cx Phone System · CVE-2008-6894
Name of the Vulnerable Software and Affected Versions: 3CX Phone System Free Edition versions 6.0.806.0 through 6.1793 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `fName` and `fPassword` parameters in the login.php file. Recommendations: For versions 6.0.806.0 through 6.1793, avoid using the parameters `fName` and `fPassword` in the login.php file until the issue is resolved. As a temporary workaround, consider restricting access to the login.php file to minimize the risk of exploitation.
PT-2009-2364
7.8
2009-08-03
3Cx · 3Cx Phone System · CVE-2008-6895
Name of the Vulnerable Software and Affected Versions: 3CX Phone System version 6.0.806.0 Description: The issue allows remote attackers to cause a denial of service, resulting in unstable service or crash, via unspecified vectors. This has been demonstrated by vulnerability scans from tools like Nessus or SAINT. Recommendations: For 3CX Phone System version 6.0.806.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2009-2365
5.0
2009-08-03
3Cx · 3Cx Phone System · CVE-2008-6896
Name of the Vulnerable Software and Affected Versions: 3CX Phone System version 6.0.806.0 Description: The issue in 3CX Phone System allows remote attackers to gain sensitive information when the disk capacity is fully utilized. This is due to the `login.php` file revealing the installation path via unspecified vectors. Recommendations: For 3CX Phone System version 6.0.806.0, consider restricting access to the `login.php` file until a patch is available to prevent sensitive information disclosure. Additionally, ensure that disk capacity is monitored and maintained to prevent reaching 100% capacity, which can trigger this issue.
PT-2008-2767
4.3
2008-03-06
Authentix · Authentix · CVE-2008-1174
**Name of the Vulnerable Software and Affected Versions** AuthentiX version 6.3b1 Trial **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `username` parameter in the "editUser.asp" page. **Recommendations** For AuthentiX version 6.3b1 Trial, avoid using the `username` parameter in the editUser.asp page until the issue is resolved. As a temporary workaround, consider restricting access to the editUser.asp page to minimize the risk of exploitation.