PT-2026-47847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl recv event parses Content-Length with atol and passes the result straight to mallocle...

VulnCheck KEV: CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in eventsocket.conf.xml...

FreeSWITCH Event Socket Login

This module tests FreeSWITCH Event Socket logins on a range of machines and report successful attempts. Module Options msf use auxiliary/scanner/misc/freeswitcheventsocketlogin msf auxiliaryfreeswitcheventsocketlogin show actions ...actions... msf auxiliaryfreeswitcheventsocketlogin set ACTION ms...

Metasploit Weekly Wrap-Up

DFSCoerce - Distributing more than just files DFS Distributed File System is now distributing Net-NTLM credentials thanks to Spencer McIntyre with a new auxiliary/scanner/dcerpc/dfscoerce module that is similar to PetitPotam in how it functions. Note that unlike PetitPotam, this technique does...

The vulnerability of the configuration file event_socket.conf.xml, which is part of the program-defined telecommunication stack FreeSWITCH and the application for unified video control called Victor, allows a perpetrator to gain full control over the system.

The vulnerability of the eventsocket.conf.xml configuration file for the program-defined telecommunication stack FreeSWITCH and its application for unified video control involves the use of default credentials. Exploiting this vulnerability could allow a malicious actor to gain full control over...

CVE-2019-19492

FreeSWITCH 1.6.10 through 1.10.1 has a default password in eventsocket.conf.xml...

FreeSWITCH - Event Socket Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...

FreeSWITCH Event Socket Command Execution Exploit

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...

FreeSWITCH Event Socket Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...

FusionPBX Operator Panel exec.php Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...

CVE-2019-19492

creationtimestamp| type| source ---|---|--- 2019-11-13 17:44:06+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/freeswitcheventsocketcmdexec.rb 2024-03-05 14:46:26+00:00| seen| https://t.me/ctinow/200288 2025-10-23 21:12:58+00:00| seen|...

FreeSWITCH Event Socket Command Execution

This module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...

FusionPBX Operator Panel exec.php Command Execution

This module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operatorpanelview permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending ...