Elastix < 2.4 PHP Code Injection Vulnerability

Elastix is prone to a PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Elastix 2.3 PHP Code Injection Vulnerability

Elastix versions prior to 2.4 php code injection exploit. ? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org...

Elastix 2.3 PHP Code Injection

? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org Author : Faris AKA i-Hmx Mail : [email protected] Home :...

Elastix 2.3.0 Cross Site Scripting

! /usr/bin/python Author cheki Date 28/11/2012 Test on Linuxmint Vendor Elastix.org Exploit: https://192.168.2.199/xmlservices/Ebook.php?Page=2%3Cscript%3Ealert%28%221%22%29;%3C/script%3E Vulnerability $Page Parameter Ebook.php file $Page = $GET'Page'; // Page index $idxphone = $GET'phone'; //...

Elastix - page Cross-Site Scripting

Elastix - page Cross-Site Scripting source: https://www.securityfocus.com/bid/56746/info Elastix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Elastix - &#039;page&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/56746/info Elastix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Elastix 'graph.php' Local File Include Vulnerability

Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Elastix 2.2.0 - &#039;graph.php&#039; Local File Inclusion

source: https://www.securityfocus.com/bid/55078/info Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This...

Elastix 2.2.0 - graph.php Local File Inclusion

Elastix 2.2.0 - graph.php Local File Inclusion source: https://www.securityfocus.com/bid/55078/info Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts ...

Elastix 2.2.0 LFI Exploit

Exploit for php platform in category web applications !/usr/bin/perl -w ------------------------------------------------------------------------------------ Elastix is an Open Source Sofware to establish Unified Communications. About this concept, Elastix goal is to incorporate all the...

Elastix 2.2.0 Local File Inclusion

!/usr/bin/perl -w ------------------------------------------------------------------------------------ Elastix is an Open Source Sofware to establish Unified Communications. About this concept, Elastix goal is to incorporate all the communication alternatives, available at an enterprise level, in...

Elastix 2.3.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Author: cheki Exploit Title: Elastix 2.3.0 Cross Site Scripting Date: 05-12-2010 Vendor or Software Link:http://www.elastix.org/ Category:WebApp Version:2.3.0 Price:free Contact: email protected Website: hacking.ge Greetings to: Anuka bolqvadz...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'FreePBX 2.10.0 / 2.9.0 callmenum Remo...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

FreePBX 2.9.0/2.10.0 - &#039;callmenum&#039; Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'FreePBX 2.10.0 / 2.9.0 callmenum Remo...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This module exploits FreePBX version 2.10.0,2.9.0 and possibly older. Due to the way callmepage.php handles the 'callmenum' parameter, it is possible to inject code to the '$channel' variable in function callmestartcall in order to gain remote code execution. Please note in order to use this modu...

FreePBX 2.10.0 / Elastic 2.2.0 Remote Code Execution

!/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2010 Author: muts Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE : notyet Blog post :...

FreePBX 2.10.0 Elastix 2.2.0 - Remote Code Execution

FreePBX 2.10.0 Elastix 2.2.0 - Remote Code Execution !/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2012 Author: muts Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE :...

FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution

!/usr/bin/python Exploit Title: FreePBX / Elastix pre-authenticated remote code execution exploit Google Dork: oy vey Date: March 23rd, 2012 Author: muts, SSL update by Emporeo Version: FreePBX 2.10.0/ 2.9.0, Elastix 2.2.0, possibly others. Tested on: multiple CVE : notyet Blog post :...

Elastix PBX Extensions Enumeration

Exploit Title: Elastix PBX Extensions Enumeration Date: 1 Oct 2011 Author: Bassem Saleh Contact: Injectoratlivedotcom Software Link: http://www.elastix.org/ Version: 2.X and may be below versions Tested on: 2.0.3 ================================================================ Non privileges user...