CVE-2005-3559 – Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access

https://notcve.org/view.php?id=CVE-2005-3559

16 Nov 2005 — Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension. Emmanouel Kellinis discovered an integer signedness error that could trigger a buf... • https://www.exploit-db.com/exploits/26475 •