
CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

• http://downloads.digium.com/pub/security/AST-2007-026.html
• http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
• http://secunia.com/advisories/27827
• http://secunia.com/advisories/27892
• http://secunia.com/advisories/29242
• http://secunia.com/advisories/29782
• http://security.gentoo.org/glsa/glsa-200804-13.xml
• http://securitytracker.com/id?1019020
• http://www.debian.org/security/2007/dsa-1417
• http://www.securityfocus.com/archive/1/484388/100/0/threaded
• http:
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

• http://downloads.digium.com/pub/security/AST-2007-025.html
• http://osvdb.org/38933
• http://secunia.com/advisories/27873
• http://securitytracker.com/id?1019021
• http://www.securityfocus.com/archive/1/484387/100/0/threaded
• http://www.securityfocus.com/bid/26645
• http://www.vupen.com/english/advisories/2007/4055
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38766
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 • EPSS: 4% • CPEs: 36 • EXPL: 0

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.

• http://ftp.digium.com/pub/asa/ASA-2007-017.pdf
• http://secunia.com/advisories/26099
• http://www.securityfocus.com/bid/24950
• http://www.securitytracker.com/id?1018407
• http://www.vupen.com/english/advisories/2007/2563
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35480

CVSS: 5.0 • EPSS: 97% • CPEs: 36 • EXPL: 1

The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."

• https://www.exploit-db.com/exploits/4196
• http://bugs.gentoo.org/show_bug.cgi?id=185713
• http://ftp.digium.com/pub/asa/ASA-2007-016.pdf
• http://secunia.com/advisories/26099
• http://secunia.com/advisories/29051
• http://security.gentoo.org/glsa/glsa-200802-11.xml
• http://www.debian.org/security/2007/dsa-1358
• http://www.novell.com/linux/security/advisories/2007_15_sr.html
• http://www.securityfocus.com/bid/24950
• http://www.securitytracker.com/id?1018407
• http://www

CVSS: 5.0 • EPSS: 95% • CPEs: 36 • EXPL: 1

The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.

• https://www.exploit-db.com/exploits/4249
• http://bugs.gentoo.org/show_bug.cgi?id=185713
• http://ftp.digium.com/pub/asa/ASA-2007-015.pdf
• http://secunia.com/advisories/26099
• http://secunia.com/advisories/29051
• http://security.gentoo.org/glsa/glsa-200802-11.xml
• http://www.debian.org/security/2007/dsa-1358
• http://www.novell.com/linux/security/advisories/2007_15_sr.html
• http://www.securityfocus.com/bid/24950
• http://www.securitytracker.com/id?1018407
• http://www