157 matches found
Qutecom Softphone 2.2.1 Heap Overflow DoS/Crash Proof of Concept
Exploit for windows platform in category dos / poc Title: Qutecom Cross-platform, open source softphone Heap Overflow DoS/Crash Proof of Concept Date: 14th June 2012 Exploit Author: Debasish Mandal Author's Blog : http://www.debasish.in/ Vendor Homepage: http://qutecom.org/ Software Link:...
Trixbox Information Disclosure Vulnerability
The host is running Trixbox and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbtrixboxinfodiscvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ Trixbox Information Disclosure Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Trixbox Information Disclosure Vulnerability
Trixbox is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Trixbox 2.8.0.4 User Enumeration
Trixbox, username enumeration via Flash Operator Panel Fop Author: francesco.tornieri "At" verona-wireless.net Summary: Username enumeration via Flash Operator Panel Fop Reference: http://enablesecurity.com/2011/01/25/voippack-1-4-with-added-support-for-cisco-and-trixbox/ Release Date: 28/06/2011...
Fonality trixbox CE 2.6.1 - 'langChoice' Local File Inclusion (Metasploit)
$Id: trixboxlangchoice.rb 11516 2011-01-08 01:13:26Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Trixbox langChoice PHP Local File Inclusion
$Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ -- coding: utf-8 -- require 'msf/core' class...
Trixbox langChoice PHP Local File Inclusion
This module injects php into the trixbox session file and then, in a second call, evaluates that code by manipulating the langChoice parameter as described in OSVDB-50421. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
Asterisk Trixbox CE Cross Site Scripting
The asterisk phonebook module found in trixbox CE is vulnerable to an xss which can be triggered by importing a contact from a csv file like this: "/alertdocument.cookie;";123123123;12313 FATAL ERROR url is $ip/admin/config.php?type=tool&display=phonebook So an import of a csv file which may...
TWSL2010-005: FreePBX recordings interface allows remote code execution
Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product: FreePBX and VOIP solutions...
FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution
Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product: FreePBX and VOIP solutions...
CVE-2010-0702
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
Sql injection
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2010-0702
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
CVE-2010-0702
CVE-2010-0702 affects Fonality Trixbox 2.2.4, via cisco/services/PhoneDirectory.php (PhoneDirectory.php) where the ID parameter is not sanitized, enabling SQL injection. Public sources (NVD, CVE lists, PRION/Nessus plugin) describe remote attacker ability to manipulate queries and potentially dis...
trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection
The version of the Cisco Phone Services phone directory script 'cisco/services/PhoneDirectory.php' installed as part of the web interface for trixbox or Asterisk@Home, as it was formerly known and hosted on the remote web server fails to sanitize input to the 'ID' parameter before using it in a...
PT-2010-2453 · Fonality · Fonality Trixbox
Name of the Vulnerable Software and Affected Versions: Fonality Trixbox version 2.2.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the ID parameter in the /cisco/services/PhonecDirectory.php API endpoint. Recommendations: For Fonality...
trixbox maint Web Interface Default Credentials
The remote web server hosts the web interface for trixbox or Asterisk@Home, as it was formerly known, a PBX application based on Asterisk. The remote installation of this web interface has at least one account configured using default credentials. With this information, an attacker can gain...
Trixbox 2.2.4 SQL Injection
Exploit Title: Trixbox PhonecDirectory.php SQL Injection Date: 18.02.2010 Author: NorSlacker Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://trixbox/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm...
Trixbox PhonecDirectory.php SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================= Trixbox PhonecDirectory.php SQL Injection Vulnerability ======================================================= Software Link: http://trixbox.org/downloads Version: 2.2.4 Code :...
Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection
Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://server/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm http://server/cisco/services/PhoneDirectory.php?ID=1'...