From: Rob Thomas (rob.thomasschmoozecom.com)
Date: Tue Feb 11 2014 - 18:05:06 CST
> simple one is included here just as a "knock knock" for the "schmoozecom" team ;)
[CVE-2014-1903] FreePBX 2.9 through 12 RCE
Unauthenticated user-level Remote Code Execution (RCE) vulnerability
in admin/config.php, the main interface to FreePBX. This bug was
introduced in FreePBX 2.9; earlier versions are not affected.
Score - 8.4
Reference to Advisory:
Reference to Bug:
Fixed in Versions:
2.9 -- 126.96.36.199
2.10 - 188.8.131.52
2.11 - 184.108.40.206
12 - 12.0.1alpha22
FreePBX contains an automatic alert service for upgrade notifications.
If your system is set up correctly, you would have received an email
alert of this vulnerability when it was detected and fixed.
Schmoozecom strongly urges you to ensure that the email alert address
is correct and up to date to ensure you receive notifications of
security issues and pending updates.
Schmoozecom and FreePBX are very proactive and responsive to security
issues, and care deeply about the security of our software and
systems. We welcome security-related bug reports and issues, and they
can be submitted via email to securityfreepbx.org for instant
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/