Page 6 of 37 results (0.006 seconds)

CVSS: 7.8EPSS: 96%CPEs: 108EXPL: 3

The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. La implementación del protocolo IAX2 en Asterisk Open Source versiones 1.0.x, versiones 1.2.x anteriores a 1.2.30 y versiones 1.4.x anteriores a 1.4.21.2; Business Edition versiones A.x.x, versiones B.x.x anteriores a B.2.5.4 y versiones C.x.x anteriores a C.1.10.3; AsteriskNOW; Appliance Developer Kit versiones 0.x.x; y s800i versiones 1.0.x anteriores a 1.2.0.1, permite a los atacantes remotos causar una denegación de servicio (agotamiento del número de llamadas y consumo de CPU) mediante el envío rápido de un gran número de peticiones POKE de IAX2 (IAX). • https://www.exploit-db.com/exploits/32095 http://downloads.digium.com/pub/security/AST-2008-010.html http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl http://secunia.com/advisories/31178 http://secunia.com/advisories/31194 http://secunia.com/advisories/34982 http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.securityfocus.com/archive/1/494675/100/0/threaded http://www.securityfocus.com/bid/30321 http://www.securitytracker.com/id?1020535 http:// • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 3%CPEs: 40EXPL: 0

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6, AsteriskNOW antes de 1.0.2, Appliance Developer Kit antes de la revisión 104704 y s800i 1.0.x antes de 1.1.0.2 genera valores ID de gestión no lo suficientemente aleatorios, lo que facilita a atacantes remotos secuestrar una sesión de gestión a través de una serie de adivinaciones de ID. • http://downloads.digium.com/pub/security/AST-2008-005.html http://secunia.com/advisories/29449 http://secunia.com/advisories/29470 http://securityreason.com/securityalert/3764 http://www.securityfocus.com/archive/1/489819/100/0/threaded http://www.securityfocus.com/bid/28316 http://www.securitytracker.com/id?1019679 https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html https://www.redhat.com/archives/ • CWE-255: Credentials Management Errors •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. Vulnerabilidad de inyección SQL en el motor de registro Call Detail Record Postgres (cdr_pgsql) de Asterisk 1.4.x anterior a 1.4.15, 1.2.x anterior a 1.2.25, B.x anterior a B.2.3.4, y C.x anterior a C.1.0-beta6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante los argumentos (1) ANI y (2) DNIS. • http://downloads.digium.com/pub/security/AST-2007-026.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/27827 http://secunia.com/advisories/27892 http://secunia.com/advisories/29242 http://secunia.com/advisories/29782 http://security.gentoo.org/glsa/glsa-200804-13.xml http://securitytracker.com/id?1019020 http://www.debian.org/security/2007/dsa-1417 http://www.securityfocus.com/archive/1/484388/100/0/threaded http: • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Vulnerabilidad de inyección SQL en Postgres Realtime Engine (res_config_pgsql) de Asterisk 1.4.x anterior a 1.4.15 y C.x before C.1.0-beta6 permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores desconocidos. • http://downloads.digium.com/pub/security/AST-2007-025.html http://osvdb.org/38933 http://secunia.com/advisories/27873 http://securitytracker.com/id?1019021 http://www.securityfocus.com/archive/1/484387/100/0/threaded http://www.securityfocus.com/bid/26645 http://www.vupen.com/english/advisories/2007/4055 https://exchange.xforce.ibmcloud.com/vulnerabilities/38766 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 4%CPEs: 36EXPL: 0

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. La implementación STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través de una longitud de atributo manipulado STUN en un paquete STUN enviado a un puerto RTP. • http://ftp.digium.com/pub/asa/ASA-2007-017.pdf http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://www.vupen.com/english/advisories/2007/2563 https://exchange.xforce.ibmcloud.com/vulnerabilities/35480 •