MGASA-2013-0279 Updated freeswitch packages fix security vulnerability

In FreeSWITCH before 1.2.12, if the routing configuration includes regular expressions that don't constrain the length of the input, buffer overflows are possible. Since these regular expressions are matched against untrusted input, remote code execution may be possible CVE-2013-2238...

[SQLi] vBilling for FreeSWITCH

vBilling for FreeSWITCH. http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html Michal Blaszczak 1 SQL Injection reset password any SIP account file: controllers/customer.php $sql2 = "UPDATE directoryparams SET paramvalue = '".$newpassword."' WHERE directoryid = '".$recordid."' "; 2...

FreeSWITCH vBilling SQL Injection

vBilling for FreeSWITCH. http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html Michal Blaszczak 1 SQL Injection reset password any SIP account file: controllers/customer.php $sql2 = "UPDATE directoryparams SET paramvalue = '".$newpassword."' WHERE directoryid = '".$recordid."' "; 2...

FreeSWITCH Route Header Value Handling DoS

According to its self-reported version, the remote FreeSWITCH install is affected by a denial of service vulnerability in the Sofia SIP stack. A remote attacker can exploit this, via a specially crafted INVITE request with a 'Route' value containing a long list, to crash the service. %NASLMINLEVE...

ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities

ASTPP VoIP Billing 4cf207a - Multiple Vulnerabilities Title: ====== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=687 VL-ID: ===== 687 Common Vulnerability Scoring System:...

ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities

Document Title: =============== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=687 Release Date: ============= 2012-08-16 Vulnerability Laboratory ID VL-ID: ==================================== 6...

Free PBX Phone System v2.x v3.x - Multiple Vulnerabilities

Document Title: =============== Free PBX Phone System v2.x v3.x - Multiple Vulnerabilities Release Date: ============= 2011-08-08 Vulnerability Laboratory ID VL-ID: ==================================== 79 Product & Service Introduction: =============================== Its Hard to Beat Free FreePB...

PBX Business Phone Application Cross Site Scripting

PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting vulnerabilities. Details ======= Tested on OS: Windows 7...

PBX Phone System v2.x - Multiple Vulnerabilities

No description provided by source. PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting vulnerabilities. Detai...

PBX Phone System 2.x - Multiple Vulnerabilities

PBX Phone System 2.x - Multiple Vulnerabilities PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting...

PBX Phone System v2.x - Multiple Vulnerabilities

Exploit for unknown platform in category web applications ================================================ PBX Phone System v2.x - Multiple Vulnerabilities ================================================ PenTest Information: ==================== Global-Evolution Security Team remove discover...

PBX Phone System 2.x - Multiple Vulnerabilities

PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting vulnerabilities. Details ======= Tested on OS: Windows 7...