CVSS: 9.8EPSS: 5%CPEs: 20EXPL: 0CVE-2006-4345
https://notcve.org/view.php?id=CVE-2006-4345
24 Aug 2006 — Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. Desbordamiento de búfer basado en pila en channels/chan_mgcp.c de MGCP en Asterisk 1.0 hasta 1.2.10 permite a atacantes remotos ejecutar código de su elección mediante una respuesta de fin de auditoría (audit endpoint) (AUEP) manipulada. • http://ftp.digium.com/pub/asterisk/ChangeLog-1.2.11 •
CVSS: 9.8EPSS: 3%CPEs: 38EXPL: 1CVE-2006-1827
https://notcve.org/view.php?id=CVE-2006-1827
18 Apr 2006 — Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. • http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz •
CVSS: 7.5EPSS: 5%CPEs: 33EXPL: 2CVE-2005-3559 – Asterisk 0.x/1.0/1.2 Voicemail - Unauthorized Access
https://notcve.org/view.php?id=CVE-2005-3559
16 Nov 2005 — Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. • https://www.exploit-db.com/exploits/26475 •