CVE-2010-3490
- EPSS 8.97%
- Published 28.09.2010 18:00:03
- Last modified 11.04.2025 00:51:21
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the use...
CVE-2009-1801
- EPSS 0.48%
- Published 28.05.2009 14:30:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order an...
- EPSS 0.32%
- Published 28.05.2009 14:30:00
- Last modified 09.04.2025 00:30:58
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-1802
- EPSS 0.14%
- Published 28.05.2009 14:30:00
- Last modified 09.04.2025 00:30:58
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have un...