Elastix 2.3 PHP Code Injection

? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org Author : Faris AKA i-Hmx Mail : [email protected] Home :...

Elastix - page Cross-Site Scripting

Elastix - page Cross-Site Scripting source: https://www.securityfocus.com/bid/56746/info Elastix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Elastix - 'page' Cross-Site Scripting

source: https://www.securityfocus.com/bid/56746/info Elastix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Elastix 'graph.php' Local File Include Vulnerability

Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Elastix 2.2.0 - graph.php Local File Inclusion

Elastix 2.2.0 - graph.php Local File Inclusion source: https://www.securityfocus.com/bid/55078/info Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts ...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'FreePBX 2.10.0 / 2.9.0 callmenum Remo...

FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'FreePBX 2.10.0 / 2.9.0 callmenum Remo...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This module exploits FreePBX version 2.10.0,2.9.0 and possibly older. Due to the way callmepage.php handles the 'callmenum' parameter, it is possible to inject code to the '$channel' variable in function callmestartcall in order to gain remote code execution. Please note in order to use this modu...

FreePBX 2.10.0 Elastix 2.2.0 - Remote Code Execution

FreePBX 2.10.0 Elastix 2.2.0 - Remote Code Execution !/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2012 Author: muts Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE :...

FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution

!/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2012 Author: muts, SSL update by Emporeo Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE : notyet Blog post :...

FreePBX 2.10.0 / Elastic 2.2.0 Remote Code Execution

!/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2010 Author: muts Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE : notyet Blog post :...

Elastix PBX Extensions Enumeration

Exploit Title: Elastix PBX Extensions Enumeration Date: 1 Oct 2011 Author: Bassem Saleh Contact: Injectoratlivedotcom Software Link: http://www.elastix.org/ Version: 2.X and may be below versions Tested on: 2.0.3 ================================================================ Non privileges user...

Elastix Cross Site Scripting

Oh look I think bugtraq hates me .... more lame xss in yet another voip management user interface for asterisk... ---------- Forwarded message ---------- From: dave b Date: 29 October 2010 03:36 Subject: xss in elastix To: [email protected] xss in elastixhttp://www.elastix.org/ , 1...

Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities

Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/44565/info Elastix is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrar...

Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/44565/info Elastix is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

CVE-2010-1492

Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. dot dot in the idnodo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2010-1492

Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. dot dot in the idnodo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2010-1492

CVE-2010-1492 affects Elastix 1.6.0. A directory traversal flaw in help/frameRight.php (id_nodo parameter) lets remote attackers read arbitrary files using ..; no exploit details provided in the connected docs. CVSSv2 base score 5.0 (Medium). Remediation details are not specified in the supplied ...