CVSS: 7.5EPSS: 3%CPEs: 145EXPL: 0CVE-2008-1897
https://notcve.org/view.php?id=CVE-2008-1897
23 Apr 2008 — The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a... • http://bugs.digium.com/view.php?id=10078 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 1%CPEs: 40EXPL: 0CVE-2008-1390
https://notcve.org/view.php?id=CVE-2008-1390
24 Mar 2008 — The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Busin... • http://downloads.digium.com/pub/security/AST-2008-005.html • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 109EXPL: 0CVE-2008-1332
https://notcve.org/view.php?id=CVE-2008-1332
20 Mar 2008 — Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. Vulnerabilidad no especificada en Asterisk Open Source versiones 1.2.x anteriores a 1.2.27, 1.4.x anteriores a 1.4.18.1 y 1.4.19-rc... • http://downloads.digium.com/pub/security/AST-2008-003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2007-6170
https://notcve.org/view.php?id=CVE-2007-6170
30 Nov 2007 — SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. Vulnerabilidad de inyección SQL en el motor de registro Call Detail Record Postgres (cdr_pgsql) de Asterisk 1.4.x anterior a 1.4.15, 1.2.x anterior a 1.2.25, B.x anterior a B.2.3.4, y C.x anterior a C.1.0-beta6 permit... • http://downloads.digium.com/pub/security/AST-2007-026.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-6171
https://notcve.org/view.php?id=CVE-2007-6171
30 Nov 2007 — SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Vulnerabilidad de inyección SQL en Postgres Realtime Engine (res_config_pgsql) de Asterisk 1.4.x anterior a 1.4.15 y C.x before C.1.0-beta6 permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores desconocidos. • http://downloads.digium.com/pub/security/AST-2007-025.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 9%CPEs: 36EXPL: 0CVE-2007-3762
https://notcve.org/view.php?id=CVE-2007-3762
18 Jul 2007 — Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Desbordamiento de búfer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.... • http://bugs.gentoo.org/show_bug.cgi?id=185713 •
CVSS: 7.5EPSS: 29%CPEs: 36EXPL: 1CVE-2007-3763 – Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash
https://notcve.org/view.php?id=CVE-2007-3763
18 Jul 2007 — The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. El gestor de dispositivo de canal IAX2 (chan_iax... • https://www.exploit-db.com/exploits/4249 •
CVSS: 7.5EPSS: 45%CPEs: 36EXPL: 1CVE-2007-3764 – Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-3764
18 Jul 2007 — The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." El controlador de canal Skinny (chan_skinny) en Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, Asteris... • https://www.exploit-db.com/exploits/4196 •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2007-3765
https://notcve.org/view.php?id=CVE-2007-3765
18 Jul 2007 — The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. La implementación STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través d... • http://ftp.digium.com/pub/asa/ASA-2007-017.pdf •
CVSS: 9.8EPSS: 36%CPEs: 3EXPL: 3CVE-2007-2293 – Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-2293
26 Apr 2007 — Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. Múltiples desbordamientos de búfer basados en pila en la función process_sdp del chan_sip.c en el en el analizador sintáctico SIP channel T.38 del Asterisk, anterior al 1.4.3. permiten a atacantes remo... • https://www.exploit-db.com/exploits/29900 •