Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Tenable Nessus
Tenable Nessusadded 2010/02/23 12:0 a.m.45 views

trixbox maint Web Interface Default Credentials

The remote web server hosts the web interface for trixbox or Asterisk@Home, as it was formerly known, a PBX application based on Asterisk. The remote installation of this web interface has at least one account configured using default credentials. With this information, an attacker can gain...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessusadded 2010/02/23 12:0 a.m.53 views

trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection

The version of the Cisco Phone Services phone directory script 'cisco/services/PhoneDirectory.php' installed as part of the web interface for trixbox or Asterisk@Home, as it was formerly known and hosted on the remote web server fails to sanitize input to the 'ID' parameter before using it in a...

7.5CVSS6AI score0.00529EPSS
Exploits1References1
NVD
NVDadded 2006/04/25 8:6 p.m.10 views

CVE-2006-2021

Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface ARI web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used ...

5CVSS6.7AI score0.00713EPSS
Exploits1References8
Prion
Prionadded 2006/04/25 8:6 p.m.8 views

Path traversal

Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface ARI web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used ...

5CVSS6.9AI score0.00713EPSS
Exploits1References8Affected Software1
NVD
NVDadded 2006/04/25 8:6 p.m.14 views

CVE-2006-2020

Asterisk Recording Interface ARI in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information...

7.8CVSS6.8AI score0.10869EPSS
Exploits1References7
CVE
CVEadded 2006/04/25 8:0 p.m.43 views

CVE-2006-2021

CVE-2006-2021 is an absolute path traversal vulnerability in the Asterisk Recording Interface (ARI) web UI, specifically in recordings/misc/audio.php of Asterisk@Home before 2.8. An unauthenticated attacker can supply a full pathname in the recording parameter to read arbitrary MP3, WAV, and GSM ...

5CVSS6.7AI score0.00713EPSS
Exploits1References8Affected Software1
Cvelist
Cvelistadded 2006/04/25 8:0 p.m.13 views

CVE-2006-2020

Asterisk Recording Interface ARI in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information...

6.8AI score0.10869EPSS
Exploits1References7
Rows per page
Query Builder