Page 8 of 46 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2007-6170

https://notcve.org/view.php?id=CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. Vulnerabilidad de inyección SQL en el motor de registro Call Detail Record Postgres (cdr_pgsql) de Asterisk 1.4.x anterior a 1.4.15, 1.2.x anterior a 1.2.25, B.x anterior a B.2.3.4, y C.x anterior a C.1.0-beta6 permite a usuarios remotos autenticados ejecutar comandos SQL de su elección mediante los argumentos (1) ANI y (2) DNIS. • http://downloads.digium.com/pub/security/AST-2007-026.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/27827 http://secunia.com/advisories/27892 http://secunia.com/advisories/29242 http://secunia.com/advisories/29782 http://security.gentoo.org/glsa/glsa-200804-13.xml http://securitytracker.com/id?1019020 http://www.debian.org/security/2007/dsa-1417 http://www.securityfocus.com/archive/1/484388/100/0/threaded http: • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

CVE-2007-5358

https://notcve.org/view.php?id=CVE-2007-5358

Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files. Múltiples desbordamientos de búfer en la funcionalidad de voicemail del Asterisk 1.4.x anterior al 1.4.13, cuando se utiliza el almacenamiento IMAP, puede permitir (1) a atacantes ejecutar código de su elección a través de una combinación larga de cabeceras dependientes del tipo (Content-type) y de la descripción (Content-description), o (2) usuarios locales ejecutar código de su elección a través de una combinación larga de los campos astspooldir, voicemail context y voicemail mailbox. NOTA: el vector 2 requiere acceso de escritura en los ficheros de configuración del Asterisk. • http://downloads.digium.com/pub/security/AST-2007-022.html http://osvdb.org/38201 http://osvdb.org/38202 http://secunia.com/advisories/27184 http://www.securityfocus.com/archive/1/481996/100/0/threaded http://www.securityfocus.com/bid/26005 http://www.securitytracker.com/id?1018804 http://www.vupen.com/english/advisories/2007/3454 https://exchange.xforce.ibmcloud.com/vulnerabilities/37051 https://exchange.xforce.ibmcloud.com/vulnerabilities/37052 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 12%CPEs: 7EXPL: 0

CVE-2007-4521

https://notcve.org/view.php?id=CVE-2007-4521

Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. Asterisk Open Source 1.4.5 hasta la 1.4.11, cuando la configuración utiliza un almacenamiento de correo por voz (voicemail) del IMAP backend, permite a atacantes remotos provocar denegación de servicio a través de un correo electrónico con un cuerpo MIME " "inválido/corrupto", lo cual dispara una caida cuando el recipiente escucha en el correo por voz (voicemail). • http://downloads.digium.com/pub/asa/AST-2007-021.html http://secunia.com/advisories/26601 http://secunia.com/advisories/26602 http://securityreason.com/securityalert/3065 http://www.securityfocus.com/archive/1/477729/100/0/threaded http://www.securityfocus.com/bid/25438 http://www.securitytracker.com/id?1018606 http://www.vupen.com/english/advisories/2007/2978 https://exchange.xforce.ibmcloud.com/vulnerabilities/36261 •

CVSS: 5.0EPSS: 4%CPEs: 36EXPL: 0

CVE-2007-3765

https://notcve.org/view.php?id=CVE-2007-3765

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. La implementación STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través de una longitud de atributo manipulado STUN en un paquete STUN enviado a un puerto RTP. • http://ftp.digium.com/pub/asa/ASA-2007-017.pdf http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://www.vupen.com/english/advisories/2007/2563 https://exchange.xforce.ibmcloud.com/vulnerabilities/35480 •

CVSS: 5.0EPSS: 97%CPEs: 36EXPL: 1

CVE-2007-3764 – Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service

https://notcve.org/view.php?id=CVE-2007-3764

The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." El controlador de canal Skinny (chan_skinny) en Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a la beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegación de servicio (caida) a través de ciertos valores de longitudes de datos en un paquete manipulado, lo cual deriva en un "copia de memoria demasiado larga". • https://www.exploit-db.com/exploits/4196 http://bugs.gentoo.org/show_bug.cgi?id=185713 http://ftp.digium.com/pub/asa/ASA-2007-016.pdf http://secunia.com/advisories/26099 http://secunia.com/advisories/29051 http://security.gentoo.org/glsa/glsa-200802-11.xml http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://www •