Page 24 of 118 results (0.005 seconds)

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character. • http://marc.info/?l=bugtraq&m=111946399501080&w=2 http://www.portcullis-security.com/advisory/advisory-05-013.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/21115 •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string. Vulnerabilidad de inyección de SQL en la funcionalidad de registro Call Detail Record (CDR) de Asterisk permite a atacantes remotos ejecutra SQL arbitrario mediante una cadena CallerID. • http://www.atstake.com/research/advisories/2003/a091103-1.txt •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. Desbordamiento de búfer en el get_msg_text de chan_sip.c en el protocolo de iniciación de sesión de entregas de Asterisk anteriores al 15/08/2003, permite a atacantes remotos ejecutar código arbitrario mediante ciertas peticiones MESSAGE o INFO. • http://www.atstake.com/research/advisories/2003/a090403-1.txt •