17 matches found
FreePBX endpoint SQLi to RCE
FreePBX is an open-source IP PBX management tool that provides a modern phone system for businesses that use VoIP to make and receive phone calls. Versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are vulnerable to CVE-2025-61675. The...
FreePBX Custom Extension SQL Injection
FreePBX versions prior to 16.0.44,16.0.92 and 17.0.23,17.0.6 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in the context of this module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
PT-2025-42185
Name of the Vulnerable Software and Affected Versions FreePBX Endpoint Manager versions prior to 16.0.92 FreePBX Endpoint Manager versions prior to 17.0.6 Description The FreePBX Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
Cyber Warfare during Operation Sindoor: Malware Campaign Analysis and Detection Framework
Rapid digitization of critical infrastructure has made cyberwarfare one of the important dimensions of modern conflicts. Attacking the critical infrastructure is an attractive pre-emptive proposition for adversaries as it can be done remotely without crossing borders. Such attacks disturb the...
PYSEC-2024-25
DuckDB =0.9.2 and DuckDB extension-template =0.9.2 are vulnerable to malicious extension injection via the custom extension feature...
PT-2024-19529 · Duckdb +1 · Duckdb +1
Name of the Vulnerable Software and Affected Versions: DuckDB versions prior to 0.9.3 DuckDB extension-template versions prior to 0.9.3 Description: The issue allows for malicious extension injection through the custom extension feature. Recommendations: For DuckDB versions prior to 0.9.3, update...
CVE-2019-1840 Cisco Prime Network Registrar Denial of Service Vulnerability
A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service DoS condition on the affected system. The vulnerability is due to incomplete user-supplied input validation whe...
CVE-2019-1840
Cisco Prime Network Registrar is affected by CVE-2019-1840 in the DHCPv6 input packet processor. The root cause is incomplete validation when a custom extension attempts to modify a received DHCPv6 packet before sanitization, which can be exploited by an unauthenticated attacker sending malformed...
CVE-2019-1840 Cisco Prime Network Registrar Denial of Service Vulnerability
A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service DoS condition on the affected system. The vulnerability is due to incomplete user-supplied input validation whe...
Kovter becomes almost file-less, creates a new file type, and gets some new certificates
Trojan:Win32/Kovter is a well-known click-fraud malware which is challenging to detect and remove because of its file-less persistence on infected PCs. In this blog, we will share some technical details about the latest changes we have seen in Kovter’s persistence method and some updates on their...
CVE-2012-4747
Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read 1 template aka .tmpl files, 2 other custom...
CVE-2012-4747
Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read 1 template aka .tmpl files, 2 other custom...