Lucene search
K

81 matches found

Prion
Prion
added 2014/07/28 3:55 p.m.18 views

Code injection

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter...

7.5CVSS8.2AI score0.09164EPSS
Exploits1References1
Prion
Prion
added 2014/07/28 3:55 p.m.12 views

Directory traversal

Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. dot dot in the lang parameter to 1 home/index.php, 2 asteriskinfo/asteriskinfo.php, 3 repo/repo.php, or 4 endpointcfg/endpointcfg.php in maint/modules/...

5CVSS7.4AI score0.21237EPSS
Exploits1References1
Prion
Prion
added 2014/07/28 3:55 p.m.16 views

Sql injection

SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...

7.5CVSS9.1AI score0.03406EPSS
Exploits1References2
Cvelist
Cvelist
added 2014/07/28 3:0 p.m.24 views

CVE-2014-5112

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter...

7.7AI score0.09164EPSS
Exploits1References1
Cvelist
Cvelist
added 2014/07/28 3:0 p.m.24 views

CVE-2014-5110

Cross-site scripting XSS vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the idnodo parameter...

5.7AI score0.01638EPSS
Exploits1References2
Cvelist
Cvelist
added 2014/07/28 3:0 p.m.19 views

CVE-2014-5111

Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. dot dot in the lang parameter to 1 home/index.php, 2 asteriskinfo/asteriskinfo.php, 3 repo/repo.php, or 4 endpointcfg/endpointcfg.php in maint/modules/...

6.9AI score0.21237EPSS
Exploits1References1
Cvelist
Cvelist
added 2014/07/28 3:0 p.m.28 views

CVE-2014-5109

SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...

8.3AI score0.03406EPSS
Exploits1References2
CVE
CVE
added 2014/07/28 3:0 p.m.46 views

CVE-2014-5112

CVE-2014-5112 affects Fonality trixbox (maint/modules/home/index.php) and allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. Exploitation status is evidenced by multiple feeds, including an exploit note on CIRCL’s sighting pointing to Exploit-DB ...

7.5CVSS7.9AI score0.09164EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2014/07/28 3:0 p.m.70 views

CVE-2014-5111

Fonality trixbox is affected by multiple Local File Inclusion (LFI) vulnerabilities that allow an attacker to read arbitrary files via a .. in the lang parameter in maint/modules/ pages (home/index.php, asterisk_info/asterisk_info.php, repo/repo.php, endpointcfg/endpointcfg.php). The underlying i...

5CVSS7AI score0.21237EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2014/07/28 3:0 p.m.53 views

CVE-2014-5110

The CVE-2014-5110 entry describes a Cross-site scripting (XSS) vulnerability in Fonality trixbox, specifically affecting the file user/help/html/index.php and exploitable via the id_nodo parameter. Connected documents confirm the vulnerability type and affected component, with CVSS metrics indica...

4.3CVSS5.9AI score0.01638EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/07/28 3:0 p.m.49 views

CVE-2014-5109

CVE-2014-5109 describes a SQL injection in Fonality trixbox: vulnerable in maint/modules/endpointcfg/endpoint_generic.php, where the mac parameter in a Submit action can be exploited remotely to execute arbitrary SQL commands. Affected software is Fonality trixbox (Trixbox), with the vulnerabilit...

7.5CVSS8.6AI score0.03406EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2014/07/28 12:0 a.m.4 views

PT-2014-6287 · Fonality · Trixbox

Name of the Vulnerable Software and Affected Versions: Fonality trixbox affected versions not specified Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the id nodo parameter in the user/help/html/index.php file...

4.3CVSS5.4AI score0.01638EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2014/07/28 12:0 a.m.5 views

PT-2014-6286 · Fonality · Trixbox

Name of the Vulnerable Software and Affected Versions: Fonality trixbox affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the mac parameter in a Submit action within the maint/modules/endpointcfg/endpoi...

7.5CVSS7.4AI score0.03406EPSS
Exploits1References4
exploitpack
exploitpack
added 2014/07/17 12:0 a.m.18 views

Fonality trixbox - index.php Directory Traversal

Fonality trixbox - index.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2014/07/17 12:0 a.m.17 views

Fonality trixbox - repo.php Directory Traversal

Fonality trixbox - repo.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2014/07/17 12:0 a.m.31 views

Fonality trixbox - 'repo.php' Directory Traversal

source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/07/17 12:0 a.m.27 views

Fonality trixbox - 'asterisk_info.php' Directory Traversal

source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/03/14 12:0 a.m.32 views

Trixbox Pro Remote Command Execution

App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2014/03/14 12:0 a.m.25 views

Fonality trixbox - mac Remote Code Injection

Fonality trixbox - mac Remote Code Injection App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/03/14 12:0 a.m.35 views

Fonality trixbox - 'mac' Remote Code Injection

App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...

7AI score
Exploits0
Rows per page
Query Builder