4 matches found
Directory traversal
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asteriskinfo/asteriskinfo.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/...
PT-2014-6286 · Fonality · Trixbox
Name of the Vulnerable Software and Affected Versions: Fonality trixbox (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the mac parameter in a Submit action within the maint/modules/endpointcfg/endpoi...
Trixbox XSS / LFI / SQL Injection / Code Execution Vulnerabilities
Trixbox suffers from cross site scripting, local file inclusion, SQL injection, and remote code execution vulnerabilities. Trixbox All Version - Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected ...
Fonality trixbox - 'endpointcfg.php' Directory Traversal
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...