8 matches found
FreePBX 10.13.66 Remote Command Execution / Privilege Escalation Exploit
Exploit for php platform in category remote exploits !/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta...
FreePBX Recordings Backdoor Upload
Added: 10/14/2016 Background FreePBX is a web-based open-source graphical user interface used to manage Asterisk PBX, an open-source communication server. The FreePBX System Recordings module allows playback of recorded files. Problem The System Recordings module in FreePBX 13 and 14 is vulnerabl...
FreePBX Recordings Backdoor Upload
Added: 10/14/2016 Background FreePBX is a web-based open-source graphical user interface used to manage Asterisk PBX, an open-source communication server. The FreePBX System Recordings module allows playback of recorded files. Problem The System Recordings module in FreePBX 13 and 14 is vulnerabl...
FreePBX 13/14 - Remote Command Execution / Privilege Escalation
!/usr/bin/env python -- coding, latin-1 -- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14 System Recordings Module versions: 13.0.1beta1 - 13.0.26 STA...
FreePBX Recording Interface File Upload Code Execution (CVE-2010-3490)
FreePBX is an open source software implementation of a telephone Private Branch eXchange PBX. It allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network. A code execution vulnerability exists i...
Directory traversal
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. dot dot in the usersnum parameter to admin/config.php, as...
CVE-2010-3490
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. dot dot in the usersnum parameter to admin/config.php, as...
CVE-2010-3490
CVE-2010-3490 affects FreePBX