
9 matches found

OSV
added 2016/06/20 1:59 a.m. | 1 view

CVE-2016-2364

The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

7.5 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits: 0 | References: 1
OSV
added 2016/06/20 1:59 a.m. | 1 view

CVE-2016-2362

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Cvelist
added 2016/06/20 1:0 a.m. | 15 views

CVE-2016-2364

The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from...

7.7 AI score | 0.00262 EPSS
Exploits: 0 | References: 1
Cvelist
added 2016/06/20 1:0 a.m. | 15 views

CVE-2016-2363

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account...

7.8 AI score | 0.00104 EPSS
Exploits: 0 | References: 1
CVE
added 2016/06/20 1:0 a.m. | 36 views

CVE-2016-2364

The CVE-2016-2364 issue affects Fonality’s HUDweb plugin for Google Chrome (versions 12.6–14.1i) where the plugin uses a single hardcoded private key across different customer installations, enabling remote attackers to defeat cryptographic protections by exploiting knowledge of that key from ano...

7.5 CVSS | 7.9 AI score | 0.00262 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2016/06/20 1:0 a.m. | 35 views

CVE-2016-2362

Fonality (formerly trixbox Pro) 12.6–14.1i before 2016-06-01 contains a hardcoded FTP password, enabling remote attackers to log in via FTP or SSH and gain access as the ‘nobody’ user. Multiple sources (NVD entry CVE-2016-2362, related CNVD/CVE records, and CERT entries) corroborate that this vul...

10 CVSS | 9.4 AI score | 0.00491 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2016/06/20 1:0 a.m. | 36 views

CVE-2016-2363

CVE-2016-2363 affects Fonality (formerly trixbox Pro) 12.6–14.1i before 2016-06-01. The vulnerability arises from weak permissions on the /var/www/rpc/surun script, enabling local users to exploit the nobody account to execute commands as root. Impact is local privilege escalation with full contr...

7.8 CVSS | 8.1 AI score | 0.00104 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2014/03/14 12:0 a.m. | 29 views

Trixbox Pro Remote Command Execution

App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...

0.4 AI score
Exploits: 0
exploitpack
added 2014/03/14 12:0 a.m. | 23 views

Fonality trixbox - mac Remote Code Injection

Fonality trixbox - mac Remote Code Injection App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think...

0.4 AI score
Exploits: 0