Archive for category VoIP

FreePBX Shell Upload

====[ Alligator Security Team]===============================================

FreePBX - Module Administration Arbitrary File Upload

Members: Tiago Ferreira < tiago SPAM >

====[ Table of Contents]=====================================================

1. Overview
2. Detailed description
3. Other Contexts & Solutions
4. Thanks
5. References

====[ Overview]==============================================================

Read more

No Comments

FreePBX Credential Disclosure

Have freePBX running on a public IP, and don’t have the latest version? It may be vulnerable.

If you have an asterisk phone server running on a public IP, using the freePBX web GUI, and don’t have one of 
Read more

No Comments

FreePBX 2.10.0 Remote Command Execution / XSS

Product: FreePBX
Version: 2.10.0, 2.9.0 and perhaps earlier versions
Type: Remote Command Execution, XSS
Release Date: March 14, 2012
Vendor Notification Date: Jun 12, 2011
Author: Martin Tschirsich


A remote command execution vulnerability and some XSS in current 
Read more

No Comments