6 matches found
CVE-2010-0702
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection
The version of the Cisco Phone Services phone directory script 'cisco/services/PhoneDirectory.php' installed as part of the web interface for trixbox or Asterisk@Home, as it was formerly known and hosted on the remote web server fails to sanitize input to the 'ID' parameter before using it in a...
Trixbox 2.2.4 SQL Injection
Exploit Title: Trixbox PhonecDirectory.php SQL Injection Date: 18.02.2010 Author: NorSlacker Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://trixbox/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm...
Fonality trixbox 2.2.4 - 'PhonecDirectory.php' SQL Injection
Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://server/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm http://server/cisco/services/PhoneDirectory.php?ID=1' UNION SELECT id,userhash AS...
Trixbox PhonecDirectory.php SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================= Trixbox PhonecDirectory.php SQL Injection Vulnerability ======================================================= Software Link: http://trixbox.org/downloads Version: 2.2.4 Code :...
Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection
Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://server/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm http://server/cisco/services/PhoneDirectory.php?ID=1'...