Lucene search
+L

157 matches found

exploitpack
exploitpack
added 2010/02/19 12:0 a.m.8 views

Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection

Fonality trixbox 2.2.4 - PhonecDirectory.php SQL Injection Software Link: http://trixbox.org/downloads Version: 2.2.4 Code : http://server/cisco/services/PhoneDirectory.php?ID=1 SQL INJECTION Example Grab users / password hashes from sugarcrm http://server/cisco/services/PhoneDirectory.php?ID=1'...

8.6AI score
Exploits0
Prion
Prion
added 2009/06/05 9:30 p.m.22 views

Directory traversal

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. dot dot in the langChoice parameter...

6.8CVSS7.5AI score0.20271EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2009/06/05 9:30 p.m.18 views

CVE-2008-6825

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. dot dot in the langChoice parameter...

6.8CVSS7.3AI score0.20271EPSS
Exploits2References5
Cvelist
Cvelist
added 2009/06/05 9:0 p.m.28 views

CVE-2008-6825

Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. dot dot in the langChoice parameter...

7.2AI score0.20271EPSS
Exploits2References5
CVE
CVE
added 2009/06/05 9:0 p.m.59 views

CVE-2008-6825

CVE-2008-6825 is a directory traversal/local file inclusion vulnerability in Fonality trixbox CE 2.6.1 and earlier, exposed via the langChoice parameter in user/index.php. The underlying issue is improper handling of the langChoice input, enabling an attacker to include and execute arbitrary file...

6.8CVSS7.5AI score0.20271EPSS
Exploits2References5Affected Software1
Prion
Prion
added 2008/09/04 7:41 p.m.18 views

Authentication flaw

Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreje...

3.5CVSS6.9AI score0.01852EPSS
Exploits1References9Affected Software2
OSV
OSV
added 2008/09/04 7:41 p.m.10 views

CVE-2008-3903

Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreje...

6.6AI score
Exploits0References9
OSV
OSV
added 2008/09/04 7:41 p.m.4 views

DEBIAN-CVE-2008-3903

Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreje...

3.5CVSS7.1AI score0.01852EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2008/09/04 7:0 p.m.54 views

CVE-2008-3903

Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreje...

3.5CVSS6.5AI score0.01852EPSS
Exploits1
CVE
CVE
added 2008/09/04 7:0 p.m.85 views

CVE-2008-3903

CVE-2008-3903 affects Asterisk and related builds (1.2.x, 1.4.x, 1.6.x, Asterisk Business Edition, s800i, Trixbox) where Digest authentication with authalwaysreject yields different SIP responses based on whether a username is valid, enabling remote username enumeration. Public advisories (Debian...

3.5CVSS6.5AI score0.01852EPSS
Exploits1References9Affected Software2
Cvelist
Cvelist
added 2008/09/04 7:0 p.m.31 views

CVE-2008-3903

Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreje...

6.5AI score0.01852EPSS
Exploits1References9
Packet Storm
Packet Storm
added 2008/07/15 12:0 a.m.24 views

trixbox261-pwn.txt

!/usr/bin/python TrixBox 2.6.1 langChoice remote root exploit muts from offensive-security.com chris from offensive-security.com All credits to Jean-Michel BESNARD Same same, but different. http://www.offensive-security.com/0day/trixbox.py.txt id uid=0root gid=0root...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/07/13 12:0 a.m.26 views

trixbox 2.6.1 (langChoice) Remote Root Exploit (py)

No description provided by source. !/usr/bin/python TrixBox 2.6.1 langChoice remote root exploit muts from offensive-security.com chris from offensive-security.com All credits to Jean-Michel BESNARD [email protected] Same same, but different. http://www.offensive-security.com/0day/trixbox.py.tx...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/07/12 12:0 a.m.15 views

Fonality trixbox 2.6.1 - langChoice Remote Code Execution (Python)

Fonality trixbox 2.6.1 - langChoice Remote Code Execution Python !/usr/bin/python TrixBox 2.6.1 langChoice remote root exploit muts from offensive-security.com All credits to Jean-Michel BESNARD Same same, but different. http://www.offensive-security.com/0day/trixbox.py.txt id uid=0root gid=0root...

0.2AI score
Exploits0
0day.today
0day.today
added 2008/07/12 12:0 a.m.27 views

trixbox 2.6.1 (langChoice) Remote Root Exploit (py)

Exploit for linux platform in category remote exploits =================================================== trixbox 2.6.1 langChoice Remote Root Exploit py =================================================== !/usr/bin/python TrixBox 2.6.1 langChoice remote root exploit muts from...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/07/10 12:0 a.m.46 views

trixbox-lfi.txt

I have discovered a file inclusion in Trixbox that may be exploited to run arbitrary code and eventually obtain a root shell. The vendor Fonality has been noticed about this issue. They have fixed it and shall release a patch this week. I have already posted an exploit giving a shell with...

7.4AI score
Exploits0
0day.today
0day.today
added 2008/07/09 12:0 a.m.30 views

trixbox (langChoice) Local File Inclusion Exploit (connect-back) v2

Exploit for linux platform in category remote exploits =================================================================== trixbox langChoice Local File Inclusion Exploit connect-back v2 =================================================================== !/usr/bin/perl -w Jean-Michel BESNARD /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/07/09 12:0 a.m.18 views

trixbox (langChoice) Local File Inclusion Exploit (connect-back)

No description provided by source. !/usr/bin/perl -w Jean-Michel BESNARD - LEXSI Audit 2008-07-08 perl trixboxfi.pl 192.168.1.212 Please listen carefully as our menu option has changed Choose from the following options: 1 Remote TCP shell 2 Read local file 1 Host and port the reverse shell should...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/07/09 12:0 a.m.18 views

Fonality trixbox - langChoice Local File Inclusion (connect-back) (2)

Fonality trixbox - langChoice Local File Inclusion connect-back 2 !/usr/bin/perl -w Jean-Michel BESNARD / LEXSI Audit 2008-07-09 This is an update of the previous exploit. We can now get a root shell, thanks to sudo. perl trixboxfiv2.pl 192.168.1.212 Please listen carefully as our menu option has...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2008/07/09 12:0 a.m.49 views

Fonality trixbox - 'langChoice' Local File Inclusion (connect-back) (2)

!/usr/bin/perl -w Jean-Michel BESNARD / LEXSI Audit 2008-07-09 This is an update of the previous exploit. We can now get a root shell, thanks to sudo. perl trixboxfiv2.pl 192.168.1.212 Please listen carefully as our menu option has changed Choose from the following options: 1 Remote TCP shell 2...

7AI score
Exploits0
Rows per page
Query Builder