CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2009-1803
https://notcve.org/view.php?id=CVE-2009-1803
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. FreePBX v2.5.1, v2.4.x, v2.5.x, y pre-release v2.6.x, genera distintos errores tras intentos de login fallidos dependiendo de si la cuenta de usuario existe o no, lo que permite a atacantes remotos listar nombres de usuarios váalidos. • http://freepbx.org/trac/ticket/3660 http://secunia.com/advisories/34772 http://www.osvdb.org/54263 http://www.securityfocus.com/bid/34857 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2008-6598
https://notcve.org/view.php?id=CVE-2008-6598
Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic." Multiples condiciones de carrera en WANPIPE anteriores a v3.3.6 tiene un impacto desconocido y vectores de ataque relacionados con "bri restart logic". • http://freshmeat.net/projects/wanpipe/releases/276026 http://osvdb.org/48840 https://exchange.xforce.ibmcloud.com/vulnerabilities/49828 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •