VulnCheck KEV: CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in eventsocket.conf.xml...

FreeSWITCH Event Socket Login

This module tests FreeSWITCH Event Socket logins on a range of machines and report successful attempts. Module Options msf use auxiliary/scanner/misc/freeswitcheventsocketlogin msf auxiliaryfreeswitcheventsocketlogin show actions ...actions... msf auxiliaryfreeswitcheventsocketlogin set ACTION ms...

Metasploit Weekly Wrap-Up

DFSCoerce - Distributing more than just files DFS Distributed File System is now distributing Net-NTLM credentials thanks to Spencer McIntyre with a new auxiliary/scanner/dcerpc/dfscoerce module that is similar to PetitPotam in how it functions. Note that unlike PetitPotam, this technique does...

CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in eventsocket.conf.xml...

FreeSWITCH - Event Socket Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...

FreeSWITCH Event Socket Command Execution Exploit

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...

FreeSWITCH Event Socket Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...

FusionPBX Operator Panel exec.php Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...

CVE-2019-19492

creationtimestamp| type| source ---|---|--- 2019-11-13 17:44:06+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/freeswitcheventsocketcmdexec.rb 2024-03-05 14:46:26+00:00| seen| https://t.me/ctinow/200288 2025-10-23 21:12:58+00:00| seen|...

FreeSWITCH Event Socket Command Execution

This module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...

FusionPBX Operator Panel exec.php Command Execution

This module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operatorpanelview permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending ...