CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2007-5411 – Linksys SPA941 - 'SIP From' HTML Injection
https://notcve.org/view.php?id=CVE-2007-5411
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Linksys SPA941 VoIP Phone con el firmware 5.1.8 permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la cabecera From en un mensaje SIP. • https://www.exploit-db.com/exploits/30650 http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066430.html http://secunia.com/advisories/27116 http://www.securityfocus.com/bid/25987 https://exchange.xforce.ibmcloud.com/vulnerabilities/37022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 16%CPEs: 1EXPL: 3CVE-2007-2270 – Linksys SPA941 - '\377' Character Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2270
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. Linksys SPA941 VoIP Phone permite a atacantes remotos provocar denegación de servicio (reinicio de dispositivo) a través del caracter 0377 (0ff) en la cabecera From, y posiblemente otras ciertas localizaciones en una respuesta SIP INVITE. • https://www.exploit-db.com/exploits/3791 https://www.exploit-db.com/exploits/3792 http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053959.html http://secunia.com/advisories/25031 http://www.securityfocus.com/bid/23619 http://www.securitytracker.com/id?1017957 http://www.vupen.com/english/advisories/2007/1532 https://exchange.xforce.ibmcloud.com/vulnerabilities/33856 •