Freepbx
by Freepbx
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-7235 | | | 0.00 | — | 0.43 | | Oct 7, 2014 | htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as… |
| CVE-2009-1803 | | | 0.00 | — | 0.01 | | May 28, 2009 | FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. |
| CVE-2009-1802 | | | 0.00 | — | 0.01 | | May 28, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact. |
| CVE-2009-1801 | | | 0.00 | — | 0.01 | | May 28, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters… |
| CVE-2007-2350 | | | 0.00 | — | 0.02 | | Apr 30, 2007 | admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. |
| CVE-2006-6244 | | | 0.00 | — | 0.02 | | Dec 4, 2006 | Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number). |