81 matches found
Code injection
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter...
Directory traversal
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. dot dot in the lang parameter to 1 home/index.php, 2 asteriskinfo/asteriskinfo.php, 3 repo/repo.php, or 4 endpointcfg/endpointcfg.php in maint/modules/...
Sql injection
SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...
CVE-2014-5112
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter...
CVE-2014-5110
Cross-site scripting XSS vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the idnodo parameter...
CVE-2014-5111
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. dot dot in the lang parameter to 1 home/index.php, 2 asteriskinfo/asteriskinfo.php, 3 repo/repo.php, or 4 endpointcfg/endpointcfg.php in maint/modules/...
CVE-2014-5109
SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...
CVE-2014-5112
CVE-2014-5112 affects Fonality trixbox (maint/modules/home/index.php) and allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. Exploitation status is evidenced by multiple feeds, including an exploit note on CIRCL’s sighting pointing to Exploit-DB ...
CVE-2014-5111
Fonality trixbox is affected by multiple Local File Inclusion (LFI) vulnerabilities that allow an attacker to read arbitrary files via a .. in the lang parameter in maint/modules/ pages (home/index.php, asterisk_info/asterisk_info.php, repo/repo.php, endpointcfg/endpointcfg.php). The underlying i...
CVE-2014-5110
The CVE-2014-5110 entry describes a Cross-site scripting (XSS) vulnerability in Fonality trixbox, specifically affecting the file user/help/html/index.php and exploitable via the id_nodo parameter. Connected documents confirm the vulnerability type and affected component, with CVSS metrics indica...
CVE-2014-5109
CVE-2014-5109 describes a SQL injection in Fonality trixbox: vulnerable in maint/modules/endpointcfg/endpoint_generic.php, where the mac parameter in a Submit action can be exploited remotely to execute arbitrary SQL commands. Affected software is Fonality trixbox (Trixbox), with the vulnerabilit...
PT-2014-6287 · Fonality · Trixbox
Name of the Vulnerable Software and Affected Versions: Fonality trixbox affected versions not specified Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the id nodo parameter in the user/help/html/index.php file...
PT-2014-6286 · Fonality · Trixbox
Name of the Vulnerable Software and Affected Versions: Fonality trixbox affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the mac parameter in a Submit action within the maint/modules/endpointcfg/endpoi...
Fonality trixbox - index.php Directory Traversal
Fonality trixbox - index.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
Fonality trixbox - repo.php Directory Traversal
Fonality trixbox - repo.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
Fonality trixbox - 'repo.php' Directory Traversal
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
Fonality trixbox - 'asterisk_info.php' Directory Traversal
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
Trixbox Pro Remote Command Execution
App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...
Fonality trixbox - mac Remote Code Injection
Fonality trixbox - mac Remote Code Injection App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think...
Fonality trixbox - 'mac' Remote Code Injection
App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...