Condorlab

Cross Site Scripting in Cisco Costumer Voice Portal

Advisory ID RSN-UC-0003 Vulnerability Information Due to insufficient input validation of a parameter in multiple pages used by the web interface of Cisco Unified Voice Portal versions 9.0 (1) and 10.0 (1), an unauthenticated user could...

Cisco SPA 300 and 500 Series IP Phones XSS

Advisory ID RSN-UT-0001 Vulnerability Information A remote user can exploit a Cross Site Scripting (XSS) vulnerability in the Cisco SPA300 and SPA500 Series IP Phones. The vulnerability is due to insufficient validation of user-supplie...

Bypass ACL Restriction on Different Asterisk Products

Advisory ID RSN-PBX-0001 Vulnerability Information Is possible to bypass the whitelist and blacklist that can be created on various modules in Asterisk via ACL options. There is a bug on the ACL code where an attacker can bypass them u...

Yealink Phones HTTP Response Splitting Vulnerability

Advisory ID RSN-UT-0004 Vulnerability Information In a response splitting vulnerability is possible to manipulate the web server in order to change the answer to the client when some resource is tried to be accessed on the server. In ...