RCE Using Caller ID - Multiple Vulnerabilities in FusionPBX

RCE Using Caller ID – Multiple Vulnerabilities in FusionPBX

|
Aon’s Cyber Solutions has recently discovered several vulnerabilities in FusionPBX, an open-source VoIP PBX application that runs on top of the FreeSWITCH VoIP switch. These vulnerabilities allow for novel exploitation vectors, including an exploit chain that is triggered by a phone call with a malicious caller ID value that leads ... Read More
Remote Code Execution in BlogEngine.NET

Remote Code Execution in BlogEngine.NET

|
Aon’s Cyber Solutions Security Testing team recently discovered a vulnerability, CVE-2019-6714, in the BlogEngine.NET blogging software platform affecting versions 3.3.6.0 and earlier. This issue allows for remote code execution through a path traversal vulnerability in the file upload feature available to blog post editors. A fix is available in the ... Read More