CVSS: 5.0 | EPSS: 8% | CPEs: 16 | EXPL: 0

The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.

References:
• http://downloads.digium.com/pub/security/AST-2008-009.html
• http://secunia.com/advisories/30555
• http://securitytracker.com/id?1020202
• http://www.securityfocus.com/archive/1/493122/100/0/threaded
• http://www.securityfocus.com/archive/1/493144/100/0/threaded
• http://www.securityfocus.com/bid/29567
• http://www.vupen.com/english/advisories/2008/1747/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42869

CWE-399: Resource Management Errors

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

References:
• https://www.exploit-db.com/exploits/30677
• http://downloads.digium.com/pub/security/AST-2007-023.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066744.html
• http://osvdb.org/37880
• http://secunia.com/advisories/27278
• http://www.securityfocus.com/bid/26095
• http://www.securitytracker.com/id?1018824
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37235

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')