Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netfortris trixbox - vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-7351
An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an malicious user to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsup...
Netfortris Trixbox
8.8
CVSSv3
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
6.5
CVSSv3
CVE-2017-14537
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Netfortris Trixbox 2.8.0.4
5.4
CVSSv3
CVE-2017-14536
trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.
Netfortris Trixbox 2.8.0.4
NA
CVE-2014-5109
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote malicious users to execute arbitrary SQL commands via the mac parameter in a Submit action.
Netfortris Trixbox -
1 EDB exploit
NA
CVE-2014-5110
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote malicious users to inject arbitrary web script or HTML via the id_nodo parameter.
Netfortris Trixbox -
NA
CVE-2014-5111
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote malicious users to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in main...
Netfortris Trixbox -
4 EDB exploits
NA
CVE-2014-5112
maint/modules/home/index.php in Fonality trixbox allows remote malicious users to execute arbitrary commands via shell metacharacters in the lang parameter.
Netfortris Trixbox -
1 EDB exploit
NA
CVE-2010-0702
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Netfortris Trixbox 2.2.4
1 EDB exploit
NA
CVE-2007-6424
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote malicious users to disable trixbox and execute arbit...
Netfortris Trixbox 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started