37 matches found
EUVD-2019-3083
Malware in sbrugna...
EUVD-2018-17463
Malware in sbrugna...
Rockwell Automation LP30/40/50 and BM40 Operator Interface
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: LP30, LP40, LP50, and BM40 Operator Panels Vulnerability: Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow,...
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...
FusionPBX Operator Panel (exec.php) Command Execution Exploit
This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user ...
FusionPBX Operator Panel exec.php Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...
FusionPBX Operator Panel exec.php Command Execution
This module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending ...
Lenze EL 1800 Touch Operator Panel
Binary data 764794.prm...
FreePBX Operator Panel Module Information Disclosure Vulnerability
FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. An information disclosure vulnerability exists in the app/operatorpanel/indexinc.php file of the Operator Panel...
Command injection
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when...
CVE-2019-11407
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information...
CVE-2019-11408
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining th...
Command injection
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining th...
Information disclosure
app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information...
CVE-2019-11409
FusionPBX Operator Panel (exec.php) suffers from a command-injection flaw in 4.4.3 and earlier. The vulnerability arises from insufficient input validation in app/operator_panel/exec.php, allowing authenticated users with operator_panel_view or admin rights to inject commands that execute on the web server (vi...
CVE-2019-11408
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining th...
CVE-2019-11408
FusionPBX 4.4.3 is affected by CVE-2019-11408 (XSS) in the Operator Panel’s app/operator_panel/index_inc.php. An unauthenticated attacker can inject JavaScript by crafting the Caller ID/From field during a call, which is stated to chain into remote code execution via a second vulnerability (CVE-2...
CVE-2019-11407
CVE-2019-11407 affects FusionPBX 4.4.3’s Operator Panel module (app/operator_panel/index_inc.php). The root cause is information disclosure due to excessive debug information, allowing authenticated administrative attackers to obtain credentials and other sensitive information. No exploit...
FusionPBX Operator Panel module cross-site scripting vulnerability (CNVD-2019-40060)
FusionPBX is a scalable, multi-threaded communication platform. The platform can be used as a call center server, fax server, VoIP server, voicemail server, conference server and voice application server, etc. The Operator Panel module is one of the operator panel modules. The platform can be used as...
FusionPBX Operator Panel Module Cross-Site Scripting Vulnerability
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VoIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in the app/operator_panel/index_inc.php file of t...