TrixBox CE 2.8.0.4 Command Execution Exploit

This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpointdevicemap.php page. Successful exploitation allows for arbitrary command executi...

TrixBox CE 2.8.0.4 Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TrixBox CE endpointdevicemap.php Authenticated Command Execution', 'Description' = %q This module exploits an authenticated OS command injection...

TrixBox CE endpoint_devicemap.php Authenticated Command Execution

This module exploits an authenticated OS command injection vulnerability found in Trixbox CE version 1.2.0 to 2.8.0.4 inclusive in the "network" POST parameter of the "/maint/modules/endpointcfg/endpointdevicemap.php" page. Successful exploitation allows for arbitrary command execution on the...

CVE-2020-7351

An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...

CVE-2020-7351 Fonality Trixbox CE Post-Authentication Command Injection

An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...

Fonality Trixbox CE 2.8.0.4 Command Execution Vulnerability

Fonality Trixbox CE version 2.8.0.4 remote root command execution exploit. !/usr/bin/perl Title: Fonality trixbox CE remote root exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered & Coded: 2 June 2014 Published: 17 October 2014 MorXploit Research http://www.MorXploit.com...

Fonality Trixbox CE 2.8.0.4 Command Execution

!/usr/bin/perl Title: Fonality trixbox CE remote root exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered & Coded: 2 June 2014 Published: 17 October 2014 MorXploit Research http://www.MorXploit.com Software: trixbox CE Version: trixbox-2.8.0.4.iso Vendor url:...

Asterisk Trixbox CE Cross Site Scripting

The asterisk phonebook module found in trixbox CE is vulnerable to an xss which can be triggered by importing a contact from a csv file like this: "/alertdocument.cookie;";123123123;12313 FATAL ERROR url is $ip/admin/config.php?type=tool&display=phonebook So an import of a csv file which may...

Directory traversal

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. dot dot in the langChoice parameter...

CVE-2008-6825

CVE-2008-6825 is a directory traversal/local file inclusion vulnerability in Fonality trixbox CE 2.6.1 and earlier, exposed via the langChoice parameter in user/index.php. The underlying issue is improper handling of the langChoice input, enabling an attacker to include and execute arbitrary file...