Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2016-2364
- EPSS 0.34%
- Veröffentlicht 20.06.2016 01:59:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechan...
7.8
CVE-2016-2363
- EPSS 0.1%
- Veröffentlicht 20.06.2016 01:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody accoun...
- EPSS 0.49%
- Veröffentlicht 20.06.2016 01:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.
1