Lucene search
K

15 matches found

EUVD
EUVD
added 2026/05/29 12:44 p.m.15 views

EUVD-2026-33298

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

8.5CVSS5.8AI score0.00289EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.2 views

SUSE CVE-2017-16671

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrari...

8.8CVSS8.7AI score0.03344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.4 views

PT-2022-7110 · Sangoma · Freepbx

Name of the Vulnerable Software and Affected Versions: FreePBX cdr versions 14.0 through 14.0.5.20 Description: The issue is related to the ajaxHandler function in the ucp/Cdr.class.php file of the FreePBX web interface, which fails to protect against SQL query structure attacks. This can allow a...

9.8CVSS6.8AI score0.00679EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2017/11/09 12:29 a.m.3 views

CVE-2017-16671

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrari...

8.8CVSS5.5AI score0.06243EPSS
Exploits0References6
OSV
OSV
added 2017/11/09 12:29 a.m.3 views

UBUNTU-CVE-2017-16671

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrari...

8.8CVSS7.3AI score0.03344EPSS
Exploits0References6
OSV
OSV
added 2017/11/09 12:29 a.m.1 views

DEBIAN-CVE-2017-16671

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrari...

8.8CVSS8.5AI score0.03344EPSS
Exploits0References1
OSV
OSV
added 2017/04/10 2:59 p.m.3 views

UBUNTU-CVE-2017-7617

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chansip, the CDR dialplan function, and the AMI Monitor action...

8.8CVSS7.9AI score0.06243EPSS
Exploits0References5
OSV
OSV
added 2017/04/10 2:59 p.m.1 views

DEBIAN-CVE-2017-7617

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chansip, the CDR dialplan function, and the AMI Monitor action...

8.8CVSS8AI score0.06243EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2010/11/02 12:0 a.m.37 views

BroadWorks - Call Detail Record Security Bypass

source: https://www.securityfocus.com/bid/44597/info BroadWorks is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and to obtain sensitive information. Successful exploits will enable the attacker to monitor the incoming and...

7.4AI score
Exploits0
Prion
Prion
added 2007/11/30 1:46 a.m.18 views

Sql injection

SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...

6.5CVSS8.1AI score0.02811EPSS
Exploits1References13Affected Software2
OSV
OSV
added 2007/11/30 1:46 a.m.6 views

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...

7.7AI score
Exploits0References14
OSV
OSV
added 2007/11/30 1:46 a.m.1 views

DEBIAN-CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...

6.5CVSS8.2AI score0.02811EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2007/11/30 1:0 a.m.32 views

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...

6.5CVSS8AI score0.02811EPSS
Exploits1
securityvulns
securityvulns
added 2007/11/30 12:0 a.m.258 views

AST-2007-026 - SQL Injection issue in cdr_pgsql

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdrpgsql |...

0.1AI score
Exploits0
OSV
OSV
added 2003/09/22 4:0 a.m.2 views

DEBIAN-CVE-2003-0779

SQL injection vulnerability in the Call Detail Record CDR logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string...

7.5CVSS8.5AI score0.0144EPSS
Exploits1References1
Rows per page
Query Builder