RSS   Podatności dla 'Trixbox'   RSS

2014-07-28
 
CVE-2014-5112

CWE-94
 

 
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.

 
 
CVE-2014-5111

CWE-22
 

 
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.

 
 
CVE-2014-5110

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.

 
 
CVE-2014-5109

CWE-89
 

 
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.

 
2010-02-23
 
CVE-2010-0702

CWE-89
 

 
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

 
2007-12-18
 
CVE-2007-6424

CWE-264
 

 
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.

 

 >>> Vendor: Fonality 3 Produkty
Trixbox
Fonality
Hud web


Copyright 2024, cxsecurity.com

 

Back to Top