Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netfortris trixbox vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5110
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote malicious users to inject arbitrary web script or HTML via the id_nodo parameter.
Netfortris Trixbox -
NA
CVE-2014-5111
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in main...
Netfortris Trixbox -
4 EDB exploits
NA
CVE-2014-5109
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote malicious users to execute arbitrary SQL commands via the mac parameter in a Submit action.
Netfortris Trixbox -
1 EDB exploit
NA
CVE-2014-5112
maint/modules/home/index.php in Fonality trixbox allows remote malicious users to execute arbitrary commands via shell metacharacters in the lang parameter.
Netfortris Trixbox -
1 EDB exploit
8.8
CVSSv3
CVE-2020-7351
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an malicious user to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsup...
Netfortris Trixbox
NA
CVE-2007-6424
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote malicious users to disable trixbox and execute arbit...
Netfortris Trixbox 2.0
8.8
CVSSv3
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
5.4
CVSSv3
CVE-2017-14536
trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.
Netfortris Trixbox 2.8.0.4
NA
CVE-2010-0702
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Netfortris Trixbox 2.2.4
1 EDB exploit
6.5
CVSSv3
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started