Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sangoma vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-10666
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 up to and including 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
Sangoma Restapps
6.1
CVSSv3
CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched re...
Sangoma Freepbx
9.8
CVSSv3
CVE-2019-19006
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
Sangoma Freepbx
7.2
CVSSv3
CVE-2019-19538
In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 up to and including 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19551
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zon...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19552
In userman 13.0.76.43 up to and including 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malic...
Sangoma Freepbx
4.8
CVSSv3
CVE-2019-19615
Multiple XSS vulnerabilities exist in the Backup & Restore module \ v14.0.10.2 through v14.0.10.7 for FreePBX, as shown at /admin/config.php?display=backup on the FreePBX Administrator web site. An attacker can modify the id parameter of the backup configuration screen and em...
Sangoma Freepbx
NA
CVE-2014-7235
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX prior to 2.9.0.9, 2.10.x, and 2.11 prior to 2.11.1.5 allows remote malicious users to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, a...
Freepbx Freepbx 2.10.0.5
Freepbx Freepbx 2.10.0.6
Sangoma Freepbx 2.11.0.2
Sangoma Freepbx 2.11.0.3
Freepbx Freepbx 2.10.0.1
Freepbx Freepbx 2.10.0.2
Freepbx Freepbx 2.10.0.9
Freepbx Freepbx 2.10.0.10
Freepbx Freepbx 2.11.1.1
Freepbx Freepbx 2.11.1.2
Sangoma Freepbx
Freepbx Freepbx 2.10.0.0
Freepbx Freepbx 2.10.0.7
Freepbx Freepbx 2.10.0.8
Sangoma Freepbx 2.11.0.4
Freepbx Freepbx 2.11.1.0
Freepbx Freepbx 2.10.0.3
Freepbx Freepbx 2.10.0.4
Sangoma Freepbx 2.11.0.0
Sangoma Freepbx 2.11.0.1
Freepbx Freepbx 2.11.1.3
Freepbx Freepbx 2.11.1.4
1 EDB exploit
5.3
CVSSv3
CVE-2021-45310
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc c...
Sangoma Switchvox 102409
9.8
CVSSv3
CVE-2019-12147
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that ...
Sangoma Session Border Controller Firmware 2.3.23-119-ga
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »