VYPR

Freepbx

by Freepbx

Source repositories

CVEs (46)

  • CVE-2014-7235Oct 7, 2014
    risk 0.00cvss epss 0.43

    htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as…

  • CVE-2009-1803May 28, 2009
    risk 0.00cvss epss 0.01

    FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

  • CVE-2009-1802May 28, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.

  • CVE-2009-1801May 28, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters…

  • CVE-2007-2350Apr 30, 2007
    risk 0.00cvss epss 0.02

    admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.

  • CVE-2006-6244Dec 4, 2006
    risk 0.00cvss epss 0.02

    Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).

Page 3 of 3