Page 9 of 42 results (0.006 seconds)

CVSS: 5.0EPSS: 5%CPEs: 33EXPL: 2

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. • https://www.exploit-db.com/exploits/26475 http://osvdb.org/20577 http://secunia.com/advisories/17459 http://secunia.com/advisories/19872 http://securitytracker.com/id?1015164 http://www.assurance.com.au/advisories/200511-asterisk.txt http://www.debian.org/security/2006/dsa-1048 http://www.securityfocus.com/archive/1/415990/30/0/threaded http://www.securityfocus.com/bid/15336 http://www.vupen.com/english/advisories/2005/2346 https://exchange.xforce.ibmcloud.com/vulnerabili •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. Desbordamiento de búfer en el get_msg_text de chan_sip.c en el protocolo de iniciación de sesión de entregas de Asterisk anteriores al 15/08/2003, permite a atacantes remotos ejecutar código arbitrario mediante ciertas peticiones MESSAGE o INFO. • http://www.atstake.com/research/advisories/2003/a090403-1.txt •