EUVD-2006-2022

Malware in sbrugna...

pipewire Security Vulnerabilities

pipewire is pipewire open source an underlying multimedia framework for processing audio and video on Linux systems. A security vulnerability exists in pipewire that stems from the Ubuntu pipeline-pulse in snap granting microphone access when the snap interface for audio recording is not set...

UBUNTU-CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set...

FreePBX Remote Code Execution

Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ Trixbox/freepbx/elastix/pbxinflash/ Tested on: Cento...

Freepbx < 2.11.1.5 - Remote Code Execution

Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ Trixbox/freepbx/elastix/pbxinflash/ Tested on: Cento...

Freepbx 2.11.1.5 - Remote Code Execution

Freepbx 2.11.1.5 - Remote Code Execution Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/...

FreePBX Framework Asterisk Recording Interface unserialize Code Execution (CVE-2014-7235)

A code execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the index.php file of the recordings directory...

CVE-2014-7235

htdocsari/includes/login.php in the ARI Framework module/Asterisk Recording Interface ARI in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ariauth cookie, related to the PHP unserialize function, as exploited in the wild in...

Asterisk Recording Interface 0.7.15 Audio.PHP Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17641/info Asterisk Recording Interface is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...

FreePBX Recording Interface File Upload Code Execution (CVE-2010-3490)

FreePBX is an open source software implementation of a telephone Private Branch eXchange PBX. It allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network. A code execution vulnerability exists i...

Asterisk Recording Interface Cross Site Request Forgery / Cross Site Scripting / Denial Of Service / Local File Inclusion

Found By: TurboBorland Email: [email protected] Software: Asterisk Recording Interface Date Found: 07/01/2010 Ethical Disclosure: Site down, no other location for project, author can not be found, no one to get in touch with. Submission. Vulnerabilities: LFI steal voicemail only need to supply...

Asterisk Recording Interface 0.7.150.10 - Multiple Vulnerabilities

Asterisk Recording Interface 0.7.150.10 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/41571/info The Asterisk Recording Interface is prone to the following issues: 1. Multiple security bypass vulnerabilities. 2. A cross-site request-forgery vulnerability. 3. A cross-site...

Asterisk Recording Interface 0.7.15/0.10 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/41571/info The Asterisk Recording Interface is prone to the following issues: 1. Multiple security bypass vulnerabilities. 2. A cross-site request-forgery vulnerability. 3. A cross-site scripting vulnerability. Attackers can exploit these issues to steal...

Asterisk Recording Interface (ARI) Default Administrator Credentials

The remote web server hosts Asterisk Recording Interface ARI, which provides a web-enabled interface for Asterisk users to manage their voicemail and phone features. The remote installation of ARI uses a default set of credentials for the administrator's account. With this information, an attacke...

Improper access control

Asterisk Recording Interface ARI in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information...

CVE-2006-2020

Asterisk Recording Interface ARI in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information...

Asterisk Recording Interface 0.7.15 - Audio.php Information Disclosure

Asterisk Recording Interface 0.7.15 - Audio.php Information Disclosure source: https://www.securityfocus.com/bid/17641/info Asterisk Recording Interface is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input...

Asterisk Recording Interface 0.7.15 - 'Audio.php' Information Disclosure

source: https://www.securityfocus.com/bid/17641/info Asterisk Recording Interface is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary MP3,...