CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2008-2543 – AST-2008-009.txt
https://notcve.org/view.php?id=CVE-2008-2543
05 Jun 2008 — The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets. El controlador de canal ooh323 channel en Asterisk Addons 1.2.x anteriores a 1.2.9 y Asterisk-Addons 1.4.x anteriores a 1.4.7 crea un puer... • http://downloads.digium.com/pub/security/AST-2008-009.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2007-5488 – Asterisk 'asterisk-addons' 1.2.7/1.4.3 - CDR_ADDON_MYSQL Module SQL Injection
https://notcve.org/view.php?id=CVE-2007-5488
17 Oct 2007 — Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record. Múltiples vulnerabilidades de inyección SQL en la función cdr_addon_mysql en Asterisk-Addons versiones anteriores a 1.2.8 y versiones 1.4.x anteriores a 1.4.4, permiten a atacantes remotos ejecutar comandos SQL arbitrarios por medio de los n... • https://packetstorm.news/files/id/60187 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •