Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
trixbox trixbox vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2008-6825
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and previous versions allows remote malicious users to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
Trixbox Trixbox 2.0
Trixbox Trixbox 2.4.2.0
Trixbox Trixbox
3 EDB exploits
4.3
CVSSv2
CVE-2008-0540
Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote malicious users to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.
Trixbox Trixbox 2.4.2.0
2 EDB exploits
9
CVSSv2
CVE-2020-7351
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an malicious user to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsup...
Netfortris Trixbox
7.5
CVSSv2
CVE-2014-5109
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote malicious users to execute arbitrary SQL commands via the mac parameter in a Submit action.
Netfortris Trixbox -
1 EDB exploit
5
CVSSv2
CVE-2014-5111
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in main...
Netfortris Trixbox -
4 EDB exploits
4.3
CVSSv2
CVE-2014-5110
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote malicious users to inject arbitrary web script or HTML via the id_nodo parameter.
Netfortris Trixbox -
7.5
CVSSv2
CVE-2014-5112
maint/modules/home/index.php in Fonality trixbox allows remote malicious users to execute arbitrary commands via shell metacharacters in the lang parameter.
Netfortris Trixbox -
1 EDB exploit
9
CVSSv2
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
4
CVSSv2
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
3.5
CVSSv2
CVE-2017-14536
trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.
Netfortris Trixbox 2.8.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »