Lucene search
K

157 matches found

0day.today
0day.today
added 2012/06/22 12:0 a.m.36 views

Qutecom Softphone 2.2.1 Heap Overflow DoS/Crash Proof of Concept

Exploit for windows platform in category dos / poc Title: Qutecom Cross-platform, open source softphone Heap Overflow DoS/Crash Proof of Concept Date: 14th June 2012 Exploit Author: Debasish Mandal Author's Blog : http://www.debasish.in/ Vendor Homepage: http://qutecom.org/ Software Link:...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2011/07/13 12:0 a.m.17 views

Trixbox Information Disclosure Vulnerability

The host is running Trixbox and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbtrixboxinfodiscvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ Trixbox Information Disclosure Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone Networks GmbH,...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2011/07/13 12:0 a.m.8 views

Trixbox Information Disclosure Vulnerability

Trixbox is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9AI score
Exploits0References2
Packet Storm
Packet Storm
added 2011/06/28 12:0 a.m.21 views

Trixbox 2.8.0.4 User Enumeration

Trixbox, username enumeration via Flash Operator Panel Fop Author: francesco.tornieri "At" verona-wireless.net Summary: Username enumeration via Flash Operator Panel Fop Reference: http://enablesecurity.com/2011/01/25/voippack-1-4-with-added-support-for-cisco-and-trixbox/ Release Date: 28/06/2011...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/01/08 12:0 a.m.35 views

Fonality trixbox CE 2.6.1 - 'langChoice' Local File Inclusion (Metasploit)

$Id: trixboxlangchoice.rb 11516 2011-01-08 01:13:26Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2010/12/11 12:0 a.m.17 views

Trixbox langChoice PHP Local File Inclusion

$Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ -- coding: utf-8 -- require 'msf/core' class...

0.1AI score
Exploits0
Metasploit
Metasploit
added 2010/12/07 5:44 p.m.39 views

Trixbox langChoice PHP Local File Inclusion

This module injects php into the trixbox session file and then, in a second call, evaluates that code by manipulating the langChoice parameter as described in OSVDB-50421. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...

6.8CVSS10AI score0.20271EPSS
Exploits2
Packet Storm
Packet Storm
added 2010/10/16 12:0 a.m.36 views

Asterisk Trixbox CE Cross Site Scripting

The asterisk phonebook module found in trixbox CE is vulnerable to an xss which can be triggered by importing a contact from a csv file like this: "/alertdocument.cookie;";123123123;12313 FATAL ERROR url is $ip/admin/config.php?type=tool&display=phonebook So an import of a csv file which may...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/09/27 12:0 a.m.85 views

TWSL2010-005: FreePBX recordings interface allows remote code execution

Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product: FreePBX and VOIP solutions...

6.5CVSS7.2AI score0.09566EPSS
Exploits5
Exploit DB
Exploit DB
added 2010/09/24 12:0 a.m.64 views

FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution

Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product: FreePBX and VOIP solutions...

6.5CVSS6.4AI score0.09566EPSS
Exploits5
NVD
NVD
added 2010/02/23 8:30 p.m.23 views

CVE-2010-0702

SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter...

7.5CVSS8.4AI score0.04095EPSS
Exploits1References4
Prion
Prion
added 2010/02/23 8:30 p.m.13 views

Sql injection

SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter...

7.5CVSS9AI score0.04095EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2010/02/23 8:0 p.m.20 views

CVE-2010-0702

SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter...

8.4AI score0.04095EPSS
Exploits1References4
CVE
CVE
added 2010/02/23 8:0 p.m.64 views

CVE-2010-0702

CVE-2010-0702 affects Fonality Trixbox 2.2.4, via cisco/services/PhoneDirectory.php (PhoneDirectory.php) where the ID parameter is not sanitized, enabling SQL injection. Public sources (NVD, CVE lists, PRION/Nessus plugin) describe remote attacker ability to manipulate queries and potentially dis...

7.5CVSS8.7AI score0.04095EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/02/23 12:0 a.m.54 views

trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection

The version of the Cisco Phone Services phone directory script 'cisco/services/PhoneDirectory.php' installed as part of the web interface for trixbox or Asterisk@Home, as it was formerly known and hosted on the remote web server fails to sanitize input to the 'ID' parameter before using it in a...

7.5CVSS6AI score0.04095EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2010/02/23 12:0 a.m.5 views

PT-2010-2453 · Fonality · Fonality Trixbox

Name of the Vulnerable Software and Affected Versions: Fonality Trixbox version 2.2.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the ID parameter in the /cisco/services/PhonecDirectory.php API endpoint. Recommendations: For Fonality...

7.5CVSS7.6AI score0.04095EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2010/02/23 12:0 a.m.47 views

trixbox maint Web Interface Default Credentials

The remote web server hosts the web interface for trixbox or Asterisk@Home, as it was formerly known, a PBX application based on Asterisk. The remote installation of this web interface has at least one account configured using default credentials. With this information, an attacker can gain...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2010/02/20 12:0 a.m.18 views

Trixbox 2.2.4 SQL Injection

Exploit Title: Trixbox PhonecDirectory.php SQL Injection Date: 18.02.2010 Author: NorSlacker Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://trixbox/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm...

7.4AI score
Exploits0
0day.today
0day.today
added 2010/02/19 12:0 a.m.19 views

Trixbox PhonecDirectory.php SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================= Trixbox PhonecDirectory.php SQL Injection Vulnerability ======================================================= Software Link: http://trixbox.org/downloads Version: 2.2.4 Code :...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2010/02/19 12:0 a.m.8 views

Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection

Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://server/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm http://server/cisco/services/PhoneDirectory.php?ID=1'...

8.6AI score
Exploits0
Rows per page
Query Builder