Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sangoma freepbx vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2009-1803
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Freepbx Freepbx 2.5.0rc2
Freepbx Freepbx 2.4.0 Beta1
Freepbx Freepbx 2.5.2
Freepbx Freepbx 2.5.0 Beta1
Freepbx Freepbx 2.4.1
Freepbx Freepbx 2.4.0 Beta2
Freepbx Freepbx 2.5.0rc3
Freepbx Freepbx 2.5
Freepbx Freepbx 2.5.1
Freepbx Freepbx 2.4
Sangoma Freepbx 2.4.0
Sangoma Freepbx 2.5.0
435
VMScore
CVE-2012-4870
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to p...
Sangoma Freepbx
1 EDB exploit
383
VMScore
CVE-2019-16967
An issue exists in Manager 13.x prior to 13.0.2.6 and 15.x prior to 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be ...
Freepbx Manager
Freepbx Manager 13.0.1
Sangoma Freepbx
383
VMScore
CVE-2019-16966
An issue exists in Contactmanager 13.x prior to 13.0.45.3, 14.x prior to 14.0.5.12, and 15.x prior to 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is re...
Freepbx Contactmanager 13.0.0
Freepbx Contactmanager
Freepbx Contactmanager 14.0.1
Sangoma Freepbx 14.0.10.3
383
VMScore
CVE-2009-1801
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay paramet...
Freepbx Freepbx 2.5.0rc2
Freepbx Freepbx 2.4.0 Beta1
Freepbx Freepbx 2.5.2
Freepbx Freepbx 2.5.0 Beta1
Freepbx Freepbx 2.4.1
Freepbx Freepbx 2.4.0 Beta2
Freepbx Freepbx 2.5.0rc3
Freepbx Freepbx 2.5.1
Freepbx Freepbx 2.4
Sangoma Freepbx 2.4.0
Sangoma Freepbx 2.5.0
312
VMScore
CVE-2019-19615
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and em...
Sangoma Freepbx
312
VMScore
CVE-2019-19852
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel up to and including 13.0.26.9, 14.x up to and including 14.0....
Sangoma Freepbx
312
VMScore
CVE-2019-19851
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Superfecta up to and including 13.0.4.7, 14.x up to and including 14.0.24, and 15.x ...
Sangoma Freepbx
312
VMScore
CVE-2019-19551
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zon...
Sangoma Freepbx
312
VMScore
CVE-2019-19552
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malic...
Sangoma Freepbx
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »