7 matches found
FreeBPX < 16.0.44 Authentication Bypass
According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass when providing an Authorization header with an arbitrary value, a session is associated with the...
FreeBPX 17.0.x < 17.0.23 Authentication Bypass
According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass when providing an Authorization header with an arbitrary value, a session is associated with the...
CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...
CVE-2025-66039
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...
CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...
PT-2025-50274
Name of the Vulnerable Software and Affected Versions FreePBX Endpoint Manager versions 16.0.0 through 16.0.43 FreePBX Endpoint Manager versions 17.0.0 through 17.0.22 Description The FreePBX Endpoint Manager module contains a flaw in its authentication mechanism when the authentication type is s...
Visual Studio 2022 version 17.0.23 update
This security update applies to all editions of Visual Studio 2022, and will update client machines on the LTSC channel to version 17.0.23. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the update t...