what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

FreeSWITCH 1.10.6 SRTP Packet Denial Of Service
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a denial of service vulnerability when handling invalid SRTP packets.

tags | exploit, denial of service
advisories | CVE-2021-41105
MD5 | 37827909a81c36beab35ceb2b90f4361

Related Files

FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.5 and below fail to authenticate SIP SUBSCRIBE requests by default.

tags | exploit
advisories | CVE-2021-41157
MD5 | b75da6bd952d1ea694468e6d2bfae3f9
FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below fails to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities.

tags | exploit, spoof, vulnerability
advisories | CVE-2021-37624
MD5 | b4aff248f421f3eeaeead351a288bc49
FreeSWITCH 1.10.6 SIP Flooding Denial Of Service
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a SIP flooding denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2021-41145
MD5 | be03962120b7338fc8ce46976cff9fd7
FreeSWITCH 1.10.6 SIP Digest Leak
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway.

tags | exploit
advisories | CVE-2021-41158
MD5 | c8279f653f09b7e0ae68c5545cf2d9d9
FreeSWITCH 1.10.1 Command Execution
Posted Dec 22, 2019
Authored by 1F98D

FreeSWITCH version 1.10.1 suffers from a command execution vulnerability.

tags | exploit
MD5 | 65d86c851014fb3ebe35a4bc7cf20e7e
FusionPBX Operator Panel exec.php Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles, Dustin Cobb | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a system command to the FreeSWITCH event socket interface. This module has been tested successfully on FusionPBX version 4.4.1 on Ubuntu 19.04 (x64).

tags | exploit, web, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2019-11409
MD5 | 8371c066836fe4c5336f32a7b5aa18d5
FreeSWITCH Event Socket Command Execution
Posted Nov 14, 2019
Authored by Brendan Coles | Site metasploit.com

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).

tags | exploit, local, tcp
systems | linux, windows, ubuntu
MD5 | fabd4afa284981bdc1c471d62f81d23a
freeswitch Heap Overflow
Posted Sep 30, 2015
Authored by Marcello Duarte

The JSON parser in freeswitch versions prior to 1.6.2 and 1.4.23 suffer from a heap overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2015-7392
MD5 | eb4dea485d7aacf70aaa6db606c77381
GNU SIP Witch Telephony Server 1.8.0
Posted Sep 9, 2013
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Support for systemd init. Multi-protocol context aware when built with exosip2 4.x for concurrent TCP/UDP/TLS sip sessions in a single server instance. An SRV plugin to better support automatic resolution of remote users through DNS (requires libruli to use). Improved mingw build support.
tags | telephony
systems | unix
MD5 | 917d867bfb76daaa840ee6cb5e8b1eb3
FreeSWITCH vBilling SQL Injection
Posted Apr 22, 2013
Authored by Michal Blaszczak

vBilling for FreeSWITCH suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 4ac7a3c9534b7086c9b17e22ca3ee99d
GNU SIP Witch Telephony Server 1.4.0
Posted Nov 22, 2012
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Updated for the new ucommon 6 API. Support for VoIP hotspot mode. Initial support for the exosip 4.0 API. Better mingw build support. Better debuging tools. A switchview GUI.
tags | tool, telephony
systems | unix
MD5 | 5c1b8629a3d227b0e1fac58db6676951
FreeSWITCH 1.2.0-rc2 Denial Of Service
Posted Sep 19, 2012
Authored by Zsolt Imre

FreeSWITCH version 1.2.0-rc2 suffers from a denial of service vulnerability.

tags | advisory, denial of service
MD5 | f81a7c83437e556f095617ff8893a9b1
GNU SIP Witch Telephony Server 1.0.0
Posted May 15, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: This release is intended to provide a stable release family to power existing secure calling services for public and private use while GNU Free Call services are developed for sipwitch 2.0.
tags | telephony
systems | unix
MD5 | ae31518e980cae4dedb7a5140c12dcd9
GNU SIP Witch Telephony Server 0.10.2
Posted Mar 18, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: cmake build was introduced. A new desktop permissions mode was added for integration between sipwitch service running as a privileged daemon and the user desktop. The utilities were reorganized and simplified.
tags | telephony
systems | unix
MD5 | 7e1f80a5f8ae7634d2d8069611601742
GNU SIP Witch Telephony Server 0.10.0
Posted Feb 26, 2011
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: This release consolidates the use of usecure for computing digests to simplify the configure script and to introduce a cmake build script. This will make it easy to build and debug with IDEs like kdevelop and codeblocks on GNU/Linux, as well as IDEs on other platforms such as xcode, Visual Studio (yes, sipwitch is cross-platform), etc.
tags | telephony
systems | unix
MD5 | ec2c5c828835b4f7e4c40574e919983a
GNU SIP Witch Telephony Server 0.9.2
Posted Nov 11, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Fixes were made for issues related to TLS SIP support, publishing of contact information in registration replies, and clean shutdown on server failure.
tags | telephony
MD5 | 965746888e574ca98acd9dfb05031bf8
GNU SIP Witch Telephony Server 0.9.1
Posted Aug 17, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Refactoring of the API to take advantage of command parsing, internationalization, and other features offered in the newest ucommon releases.
tags | telephony
MD5 | 1839f32383ebbebae2c72efaf7fcd790
GNU SIP Witch Telephony Server 0.8.4
Posted Jul 13, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Improved prack support and proper error tracking for invalid or unresolvable URI requests.
tags | telephony
MD5 | 08f2dc9c44c3977c583c31984c265a79
GNU SIP Witch Telephony Server 0.8.3
Posted May 20, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Automatic server reloading has been added for network interface state changes. This release publishes routing information in zeroconf srv records.
tags | telephony
MD5 | 68efd1717c4aa171bf3979eba92092a5
GNU SIP Witch Telephony Server 0.8.0
Posted Apr 9, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Introduction of a libnotify plugin and support for the ucommon 2.1 ABI.
tags | telephony
MD5 | fe044035450abe4b5717f98faf3a3156
GNU SIP Witch Telephony Server 0.7.4
Posted Mar 17, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Sending of hash rather than realm to server when a user changes the authentication secret with a live server instance running was fixed. Automatic activation of generated UUID SIP realm when no realm is explicitly set by the user was fixed.
tags | telephony
MD5 | bb754e9f6f8dfbdef7741452d3f762c2
GNU SIP Witch Telephony Server 0.7.3
Posted Mar 16, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Additional server management commands were added. Proper installation of the sipwitch CGI Web service is done to support introduction of a separately installable sipwitch-cgi package in Debian and RPM packaging.
tags | telephony
MD5 | 9ff32a00a623b77e65bb1c0f04dd6d08
GNU SIP Witch Telephony Server 0.7.2
Posted Feb 23, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP rver, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: New support was added for runtime activation and access to sipwitch server debugging facilities, including recent errlog and sip message tracing.
tags | telephony
MD5 | d31d27d35c448a99b7de55b0f93da242
GNU SIP Witch Telephony Server 0.7.0
Posted Feb 9, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Basic RTP media proxy, preliminary NAT support, and integrated SDP rewrite functionality have been introduced. This will enable stand-alone sipwitch hosts to call each other even when locations are both behind NATs or different subnets. Furthermore, since sipwitch handles NAT functionality in one place and transparently, desktop VoIP clients need not be configured for or aware of NAT functionality. Other changes include consolidation of realm and functional SIP domain.
tags | telephony, protocol
MD5 | 11aaa6bf55aff514be0b124619941b46
sipwitch-0.6.2.tar.gz
Posted Feb 4, 2010
Authored by David Sugar | Site gnutelephony.org

GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.

Changes: Use of default UUID-based SIP authentication realms when none is explicitly set. A new and more practical default config file with saner defaults. No generation of extension numbers for user accounts made into SIP accounts if not configured for extension numbering plans.
tags | telephony, protocol
MD5 | 1df46a68fba683d635f8cfef0dd646cb
Page 1 of 4
Back1234Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close