CVE-2022-36453

The CVE-2022-36453 affects Mitel MiCollab Client API (MiCollab versions 9.1.3–9.5.0.101). The underlying issue is improper authorization controls in the client API, allowing an authenticated attacker to modify their own profile parameters and potentially take control of another extension number. ...

CVE-2019-15059

In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwor...

Authorization

In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwor...

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...