292 matches found

CVE
added 2018/12/06 6:0 p.m. | 51 views

CVE-2018-19911

FreeSWITCH up to 1.8.2 with mod_xml_rpc enabled is vulnerable to remote command execution via the api/system/txtapi/system endpoints on TCP port 8080 (example: api/system?calc). The issue can also be exploited via CSRF, and in some cases the freeswitch account’s default password may be usable. Th...

7.6 CVSS | 8.1 AI score | 0.02696 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2018/12/06 6:0 p.m. | 19 views

CVE-2018-19911

FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system or api/bgsystem or txtapi/bgsystem query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF...

8.1 AI score | 0.02696 EPSS
Exploits: 1 | References: 2
Openbugbounty
added 2018/09/14 5:48 a.m. | 15 views

freeswitch.org XSS vulnerability

Open Bug Bounty ID: OBB-676592
Affected Website: freeswitch.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0
Openbugbounty
added 2018/06/04 3:36 a.m. | 13 views

freeswitch.com XSS vulnerability

Open Bug Bounty ID: OBB-626814
Affected Website: freeswitch.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0
Tenable Nessus
added 2016/02/11 12:0 a.m. | 14 views

FreeSWITCH Detection

Binary data freeswitchdetection.nbin...

7.3 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2016/02/11 12:0 a.m. | 72 views

FreeSWITCH < 1.4.26 / 1.6.x < 1.6.5 JSON Parser RCE

The remote FreeSWITCH server is prior to version 1.4.26 or 1.6.x prior to 1.6.5. It is, therefore, affected by a remote code execution vulnerability due to improper validation of user-supplied input to the parse_string function in esl_json.c, switch_json.c, and ks_json.c. A remote attacker can exploi...

7.5 CVSS | 6.6 AI score | 0.04668 EPSS
Exploits: 2 | References: 4
securityvulns
added 2015/10/12 12:0 a.m. | 35 views

FreeSWITCH buffer overflow

Buffer overflow on JSON parsing...

7.5 CVSS | 4.5 AI score | 0.04668 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
securityvulns
added 2015/10/12 12:0 a.m. | 43 views

CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23

Advisory Information Title: Heap overflow in freeswitch json parser 1.6.2 & 1.4.23 Submitter: Marcello Duarte [email protected] Product: freeswitch Product URL: http://freeswitch.org Affected Versions: freeswitch 1.6.2 & 1.4.23 Fixed Versions: 1.6.2 , 1.4.23 Link to source code diff:...

7.5 CVSS | 7 AI score | 0.04668 EPSS
Exploits: 2
NVD
added 2015/10/05 2:59 p.m. | 8 views

CVE-2015-7392

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse...

7.5 CVSS | 8 AI score | 0.04668 EPSS
Exploits: 2 | References: 3
Prion
added 2015/10/05 2:59 p.m. | 9 views

Heap overflow

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse...

7.5 CVSS | 8.7 AI score | 0.04668 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
CVE
added 2015/10/05 2:0 p.m. | 52 views

CVE-2015-7392

CVE-2015-7392 is a heap-based overflow in FreeSWITCH’s JSON parser. The flaw lives in the parse_string function of esl_json.c and is exploitable via a crafted JSON string to cJSON_Parse, affecting FreeSWITCH < 1.4.23 and

7.5 CVSS | 8.2 AI score | 0.04668 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
Cvelist
added 2015/10/05 2:0 p.m. | 21 views

CVE-2015-7392

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse...

8 AI score | 0.04668 EPSS
Exploits: 2 | References: 3
0day.today
added 2015/09/30 12:0 a.m. | 53 views

freeswitch Heap Overflow Vulnerability

The JSON parser in freeswitch versions prior to 1.6.2 and 1.4.23 suffer from a heap overflow vulnerability. 1. Advisory Information Title: Heap overflow in freeswitch json parser 1.6.2 & 1.4.23 Submitter: Marcello Duarte email protected Product: freeswitch Product URL: http://freeswitch.org...

7.5 CVSS | 6.7 AI score | 0.04668 EPSS
Exploits: 2
OpenVAS
added 2013/10/07 12:0 a.m. | 28 views

FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities

FreeSWITCH is prone to multiple buffer overflow vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.8 CVSS | 7.2 AI score | 0.02708 EPSS
Exploits: 1 | References: 4
OpenVAS
added 2013/10/07 12:0 a.m. | 15 views

FreeSWITCH Detection (SIP)

Detection of FreeSWITCH over SIP. This script performs SIP based detection of FreeSWITCH. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.1 AI score
Exploits: 0
NVD
added 2013/09/30 10:55 p.m. | 12 views

CVE-2013-2238

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables...

6.8 CVSS | 7.8 AI score | 0.02708 EPSS
Exploits: 1 | References: 2
Prion
added 2013/09/30 10:55 p.m. | 12 views

Buffer overflow

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables...

6.8 CVSS | 8.5 AI score | 0.02708 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2013/09/30 8:0 p.m. | 46 views

CVE-2013-2238

Summary: CVE-2013-2238 affects FreeSWITCH 1.2.x. Multiple buffer overflows in the switch_perform_substitution logic of switch_regex.c can be triggered by crafted inputs, potentially causing a crash (DoS) and possibly enabling remote code execution. Affected product/component: FreeSWITCH 1.2.x (no...

6.8 CVSS | 8 AI score | 0.02708 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2013/09/30 8:0 p.m. | 17 views

CVE-2013-2238

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables...

7.8 AI score | 0.02708 EPSS
Exploits: 1 | References: 2
Mageia
added 2013/09/19 9:32 a.m. | 33 views

Updated freeswitch packages fix security vulnerability

In FreeSWITCH before 1.2.12, if the routing configuration includes regular expressions that don't constrain the length of the input, buffer overflows are possible. Since these regular expressions are matched against untrusted input, remote code execution may be possible (CVE-2013-2238)...

6.8 CVSS | 3.8 AI score | 0.02708 EPSS
Exploits: 1 | References: 3