VYPR

trixbox

by Fonality

CVEs (7)

  • CVE-2014-5111Jul 28, 2014
    risk 0.05cvss epss 0.21

    Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in…

  • CVE-2008-6825Jun 5, 2009
    risk 0.05cvss epss 0.20

    Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.

  • CVE-2014-5112Jul 28, 2014
    risk 0.04cvss epss 0.09

    maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.

  • CVE-2014-5109Jul 28, 2014
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.

  • CVE-2010-0702Feb 23, 2010
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

  • CVE-2014-5110Jul 28, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.

  • CVE-2007-6424Dec 18, 2007
    risk 0.00cvss epss 0.02

    registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary…