Page 10 of 55 results (0.011 seconds)

CVSS: 7.8EPSS: 84%CPEs: 13EXPL: 0

CVE-2006-5445

https://notcve.org/view.php?id=CVE-2006-5445

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. Vulnerabilidad no especificada en el controlador de canal SIP (channels/chan_sip.c) en ASterisk 1.2.x anteriores a 1.2.13 y 1.4.x aneriores a 1.4.0-beta3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de vectores no especificados que resultan en la creación de una "estructura pvt real" que usa más recursos de los necesarios. • http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://secunia.com/advisories/22651 http://secunia.com/advisories/22979 http://www.asterisk.org/node/109 http://www.asterisk.org/node/110 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.novell.com/linux/security/advisories/2006_69_asterisk.html http://www.osvdb.org/29973 http://www.securityfocus.com/archive/1/449183/100/0/threaded http://www.securityfocus.com/bid/20835 http: •

CVSS: 7.5EPSS: 96%CPEs: 26EXPL: 2

CVE-2006-5444 – Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)

https://notcve.org/view.php?id=CVE-2006-5444

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Desbordamiento de entero en la función get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en los teléfonos Cisco SCCP, permite a atacantes remotos ejecutar código de su elección mediante un cierto valor dlen que pasa una comparación de entero con signo y lleva a un desbordamiento de búfer basado en montón. • https://www.exploit-db.com/exploits/2597 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html http://secunia.com/advisories/22480 http://secunia.com/advisories/22651 http://secunia.com/advisories/22979 http://secunia.com/advisories/23212 http://securitytracker.com/id?1017089 http://www.asterisk.org/node/109 http://www.gent •

CVSS: 7.5EPSS: 17%CPEs: 20EXPL: 0

CVE-2006-4345

https://notcve.org/view.php?id=CVE-2006-4345

Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. Desbordamiento de búfer basado en pila en channels/chan_mgcp.c de MGCP en Asterisk 1.0 hasta 1.2.10 permite a atacantes remotos ejecutar código de su elección mediante una respuesta de fin de auditoría (audit endpoint) (AUEP) manipulada. • http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11 http://labs.musecurity.com/advisories/MU-200608-01.txt http://secunia.com/advisories/21600 http://secunia.com/advisories/22651 http://securitytracker.com/id?1016742 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.securityfocus.com/archive/1/444322/100/0/threaded http://www.securityfocus.com/bid/19683 http://www.sineapps.com/news.php?rssid=1448 http://www.vupen.com/english/advisories/2006/3372& •

CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 0

CVE-2006-4346

https://notcve.org/view.php?id=CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. Asterisk 1.2.10 soporta el uso de variables controladas por cliente para determinar los nombres de archivo en la función Record, lo que permite a atacantes remotos (1) ejecutar código mediante especificadores de cadena de formato o (2) sobrescribir archivos mediante saltos de directorio relacionados con vectores no especificados, como se ha demostrado mediante la variable CALLERIDNAME. • http://labs.musecurity.com/advisories/MU-200608-01.txt http://secunia.com/advisories/22651 http://securitytracker.com/id?1016742 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.securityfocus.com/archive/1/444322/100/0/threaded http://www.securityfocus.com/bid/19683 http://www.sineapps.com/news.php?rssid=1448 http://www.vupen.com/english/advisories/2006/3372 https://exchange.xforce.ibmcloud.com/vulnerabilities/28544 https://exchange.xforce.ibmcloud.com/vu •

CVSS: 7.5EPSS: 14%CPEs: 9EXPL: 0

CVE-2006-2898

https://notcve.org/view.php?id=CVE-2006-2898

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. • http://secunia.com/advisories/20497 http://secunia.com/advisories/20658 http://secunia.com/advisories/20899 http://secunia.com/advisories/21222 http://securitytracker.com/id?1016236 http://www.asterisk.org/node/95 http://www.debian.org/security/2006/dsa-1126 http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml http://www.novell.com/linux/security/advisories/2006_38_security.html http://www.securityfocus.com/archive/1/436127/100/0/threaded http://www.securityfoc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •