trixbox
by Fonality
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-5111 | 0.05 | — | 0.21 | Jul 28, 2014 | Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in… | |||
| CVE-2008-6825 | 0.05 | — | 0.20 | Jun 5, 2009 | Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter. | |||
| CVE-2014-5112 | 0.04 | — | 0.09 | Jul 28, 2014 | maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | |||
| CVE-2014-5109 | 0.03 | — | 0.03 | Jul 28, 2014 | SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | |||
| CVE-2010-0702 | 0.03 | — | 0.04 | Feb 23, 2010 | SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||
| CVE-2014-5110 | 0.00 | — | 0.02 | Jul 28, 2014 | Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter. | |||
| CVE-2007-6424 | 0.00 | — | 0.02 | Dec 18, 2007 | registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary… |
- CVE-2014-5111Jul 28, 2014risk 0.05cvss —epss 0.21
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in…
- CVE-2008-6825Jun 5, 2009risk 0.05cvss —epss 0.20
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
- CVE-2014-5112Jul 28, 2014risk 0.04cvss —epss 0.09
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
- CVE-2014-5109Jul 28, 2014risk 0.03cvss —epss 0.03
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
- CVE-2010-0702Feb 23, 2010risk 0.03cvss —epss 0.04
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
- CVE-2014-5110Jul 28, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.
- CVE-2007-6424Dec 18, 2007risk 0.00cvss —epss 0.02
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary…