National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:fonality:trixbox:-
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2014-5112

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.

Published: July 28, 2014; 11:55:04 AM -04:00
    V2: 7.5 HIGH
CVE-2014-5111

Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.

Published: July 28, 2014; 11:55:04 AM -04:00
    V2: 5.0 MEDIUM
CVE-2014-5110

Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.

Published: July 28, 2014; 11:55:04 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-5109

SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.

Published: July 28, 2014; 11:55:04 AM -04:00
    V2: 7.5 HIGH