Page 5 of 26 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados(XSS) en FreePBX v2.5.1, y otras v2.4.x, v2.5.x, y versiones pre-release v2.6.x, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través (1) del parámetro display a reports.php, (2) el order y (3) el parámetro extdisplay a config.php, y (4) el parámetro sort a recordings/index.php. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://freepbx.org/trac/ticket/3660 http://osvdb.org/54259 http://osvdb.org/54260 http://osvdb.org/54261 http://secunia.com/advisories/34772 http://www.securityfocus.com/bid/34857 https://exchange.xforce.ibmcloud.com/vulnerabilities/50361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. FreePBX v2.5.1, v2.4.x, v2.5.x, y pre-release v2.6.x, genera distintos errores tras intentos de login fallidos dependiendo de si la cuenta de usuario existe o no, lo que permite a atacantes remotos listar nombres de usuarios váalidos. • http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772 http://www.osvdb.org/54263 http://www.securityfocus.com/bid/34857 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1

admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. admin/config.php en el módulo music-on-hold de freePBX 2.2.x permite a administradores remotos autenticados ejecutar comandos de su elección mediante meta-caracteres de consola de comandos en el parámetro del. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053915.html http://osvdb.org/35316 http://secunia.com/advisories/24935 http://securityreason.com/securityalert/2652 http://www.vupen.com/english/advisories/2007/1535 •

CVSS: 6.8EPSS: 16%CPEs: 9EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. Múltiples vulnerabilidades de secuencia de comandos en sitios cruzados (XSS) en freePBX 2.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los campos (1) From, (2) To, (3) Call-ID, (4) User-Agent, y otros no especificados del protocolo SIP, lo cuales son almacenados en /var/log/asterisk/full y mostrados por admin/modules/logfiles/asterisk-full-log.php. • https://www.exploit-db.com/exploits/29873 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053882.html http://osvdb.org/35315 http://secunia.com/advisories/24935 http://securityreason.com/securityalert/2627 http://www.securityfocus.com/bid/23575 http://www.vupen.com/english/advisories/2007/1535 https://exchange.xforce.ibmcloud.com/vulnerabilities/33772 •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 2

PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter. Vulnerabilidad PHP de inclusión remota de archivo en upgrade.php en Coalescent Systems freePBX 2.1.3 permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro amp_conf[AMPWEBROOT]. • https://www.exploit-db.com/exploits/2665 http://www.securityfocus.com/bid/20785 https://exchange.xforce.ibmcloud.com/vulnerabilities/29879 •