Lucene search
K

4 matches found

Prion
Prion
added 2007/04/30 10:19 p.m.15 views

Code injection

admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter...

6.5CVSS7.8AI score0.02276EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2007/04/30 10:0 p.m.51 views

CVE-2007-2350

The CVE concerns admin/config.php in the music-on-hold module of freePBX 2.2.x. It allows a remote authenticated administrator to execute arbitrary commands via shell metacharacters in the del parameter, indicating input handling/sanitization flaws in that file. Impact is potential remote command...

6.5CVSS7.3AI score0.02276EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2007/04/24 5:19 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...

6.8CVSS5.9AI score0.04456EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2007/04/24 5:0 p.m.55 views

CVE-2007-2191

CVE-2007-2191 describes multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.2.x . The flaws allow remote attackers to inject arbitrary web script or HTML via SIP-related fields (1) From, (2) To, (3) Call-ID, (4) User-Agent, and potentially other SIP headers, with the malicious data s...

6.8CVSS5.7AI score0.04456EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder