VYPR

Trixbox

by Trixbox

CVEs (6)

  • CVE-2017-14535 | High | Feb 16, 2018
    risk 0.64 | cvss 8.8 | epss 0.50

    trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

  • CVE-2017-14537 | Med | Feb 16, 2018
    risk 0.48 | cvss 6.5 | epss 0.39

    trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

  • CVE-2017-14536 | Med | Feb 16, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.

  • CVE-2008-6825 | Jun 5, 2009
    risk 0.05 | cvss n/a | epss 0.20

    Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.

  • CVE-2008-0540 | Feb 1, 2008
    risk 0.03 | cvss n/a | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.

  • CVE-2008-3903 | Sep 4, 2008
    risk 0.00 | cvss n/a | epss 0.02

    Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication…