Archive for March, 2012

FreePBX 2.9.0.6 Shell Upload


====[ Alligator Security Team]===============================================

FreePBX - Module Administration Arbitrary File Upload

Members: Tiago Ferreira < tiago SPAM alligatorteam.org >

====[ Table of Contents]=====================================================

1. Overview
2. Detailed description
3. Other Contexts & Solutions
4. Thanks
5. References

====[ Overview]==============================================================


FreePBX Credential Disclosure


Have FreePBX running on a public IP, and don't have the latest version? It may be vulnerable.

If you have an Asterisk phone server running on a public IP, using the FreePBX web GUI, and don't have one of

FreePBX 2.10.0 Remote Command Execution / XSS


Product: FreePBX
Version: 2.10.0, 2.9.0 and perhaps earlier versions
Type: Remote Command Execution, XSS
Release Date: March 14, 2012
Vendor Notification Date: Jun 12, 2011
Author: Martin Tschirsich

Overview:

A remote command execution vulnerability and some XSS in current 