DEBIAN-CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service crash via an in-dialog INVITE with Replaces message, which triggers the channel to ...
Design/Logic Flaw
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service crash via an in-dialog INVITE with Replaces message, which triggers the channel to ...
CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service crash via an in-dialog INVITE with Replaces message, which triggers the channel to ...
Thomson SpeedTouch 2030 SIP Invite Message Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25446/info Thomson SpeedTouch 2030 is prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. Exploiting this issue allows remote attackers to cause the device ...
Microsoft MSN Messenger 1-4 Malformed Invite Request Denial of Service
No description provided by source. source: http://www.securityfocus.com/bid/4827/info Microsoft's MSN Messenger is an instant messaging client for Windows-based machines, based on the Passport system. A vulnerability has been reported in some versions of MSN Messenger. Under some circumstances, ...
Ayman Akt IRCIT 0.3.1 Invite Message Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4998/info IRCIT is a terminal-based IRC client for Linux and Unix systems. IRCIT contains a remote buffer overflow vulnerability. When an INVITE message is received, the supplied from user data is copied into a fixed buffe...
NCH Officeintercom <= 5.20 - Remote Denial of Service Vulnerability
No description provided by source. !/usr/bin/python Exploit Title: NCH Officeintercom = v5.20 Remote Denial of Service Vulnerability Date: 11/24/2010 Author: xsploited security URL: http://www.x-sploited.com/ Contact: xsploitedsecurity at x-sploited.com Software Link:...
Colloquy <= 2.1.3545 (INVITE) Format String Denial of Service Exploit
No description provided by source. !/usr/bin/ruby c Copyright 2006 Lance M. Havok [email protected] Makes use of the Colloquy INVITE format string vulnerability. require 'socket' targetchannel = ARGV0 || whatever targetserver = ARGV1 || irc.server.org targetport = ARGV2 || 6667 randnick = spongeb...
Uzbey: email field isn't filtered against XSS
Hi, Pre-configuration, create new contact in Gmail with mail a" 1. Go to Invites. 2. Click on Invite Gmail Friends. 3. Accept the pop up. 4. XSS will activate on the email field. Few issues continue during this issue: 1. When you click on this email address you get failure on AJAX functionality. 2...
Digium Asterisk File Descriptor Invalid Headers Syntax Denial of Service (CVE-2014-2287)
A denial of service condition has been reported in Digium Asterisk. The vulnerability is due to file descriptor exhaustion from a large number of invalid SIP INVITE requests. A remote attacker can exploit this vulnerability to cause a denial of service condition...
CVE-2014-3415
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the inviteusers parameter to the /invite page for a group...
Sql injection
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the inviteusers parameter to the /invite page for a group...
CVE-2014-3415
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the inviteusers parameter to the /invite page for a group...
CVE-2014-2287
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service...
DEBIAN-CVE-2014-2287
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service...
CVE-2014-2287
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service...
CVE-2014-2287
CVE-2014-2287 affects Asterisk chan_sip in 1.8.x prior to 1.8.26.1, 11.8.x prior to 11.8.1, and 12.1.x prior to 12.1.1, plus certain Certified Asterisk builds. A remote authenticated user can cause a denial of service by sending an INVITE with a malformed or invalid Session-Expires or Min-SE head...
CVE-2014-2287
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service...
Localize: XSS in invite approval
If a translator's name is set as “ and requests to join a project, and the project admin clicks on the review to accept it, it results in an XSS. Screen: attacker/translator: http://prntscr.com/3ax1ca contributor/admin: http://prntscr.com/3ax1ix...
MGASA-2014-0172 Updated asterisk packages fix security vulnerabilities
Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request...