Updated asterisk packages fix security vulnerabilities
Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure
I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...
Asterisk SIP INVITE Request Handling Denial of Service Vulnerability
CVE ID: CVE-2014-2287. Asterisk is free, open-source software that implements private branch exchange (PBX) functionality. Asterisk contains a vulnerability in the handling of specially crafted SIP INVITE requests: because file descriptors are not released correctly, a remote attacker can submit malicious requests that consume all available file descriptors, resulting in a denial of service. Asterisk Open Source 1.8.26.0 Asterisk Open Source 11.8.0 Asterisk Open Source 12.1.0 Certified Asterisk 1.8.15-cert4 Certified Asterisk 11.6-cert1...
FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)
The Asterisk project reports : Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. Denial of...
RelateIQ: HTML injection in "Invite Collaborators"
I was able to edit the contents of the "Invite Collaborators" mail, by using HTML code as my first name. By exploiting this vulnerability, an attacker could send an email with custom text/html code from [email protected] from the RelateIQ server to any recipient. This can be used for phishing...
BlueHat v13 is Coming
This week, starting Thursday, we’ll be hosting our 13th edition of BlueHat. I’m always so impressed with the level of knowledge we attract to each BlueHat, and while the event is invite-only, we’ll be sharing glimpses into the event via this blog and the hashtag BlueHat. For each of the past six...
Facebook Open URL Redirection vulnerability
Security Researcher Dan Melamed discovered an Open URL redirection vulnerability in Facebook that allowed him to have a facebook.com link redirect to any website without restrictions. An open URL Redirection flaw is generally used to convince a user to click on a trusted link which is specially...
Fedora 20 : ReviewBoard-1.7.16-2.fc20 / python-djblets-0.7.21-1.fc20 (2013-18840)
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of...
Fedora 19 : ReviewBoard-1.7.16-2.fc19 / python-djblets-0.7.21-1.fc19 (2013-18931)
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of...
CVE-2013-1220
The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148...
CVE-2013-1220
CVE-2013-1220 affects Cisco Unified CVP (CallServer) prior to 9.0.1 ES 11, where remote attackers can trigger a denial of service (call-acceptance outage) by sending malformed SIP INVITE messages. The vulnerability is documented in Cisco advisory cisco-sa-20130508-cvp and is confirmed in multiple...
Asterisk SIP Channel Driver Username Disclosure (AST-2013-003)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a username disclosure vulnerability related to INVITE, SUBSCRIBE and REGISTER transactions and improper settings for the configuration options 'alwaysauthreject', 'allowguest'...
XSS vulnerability in invite-users-panel.vm [$i18n.getText('easyuser.send.invitations.email.placeholder', [$siteTitle]), line 37]
Panopticon http://panopticon.dyn.syd.atlassian.com/ has detected that the following file contains a XSS vulnerability. This vulnerability has been manually confirmed. File: confluence-plugins/confluence-bundled-plugins/confluence-easyuser-admin/src/main/resources/templates/invite-users-panel.vm...
Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
CVE-2009-3026 pidgin: ignores SSL/TLS requirements with old jabber servers CVE-2009-2703 Pidgin: NULL pointer dereference by handling IRC topics DoS CVE-2009-3083 Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite DoS CVE-2009-3085 Pidgin: NULL pointer dereference by...
sip-call-spoof NSE Script
Spoofs a call to a SIP phone and detects the action taken by the target (busy, declined, hung up, etc.). This works by sending a fake SIP INVITE request to the target phone and checking the responses. A response with status code 180 means that the phone is ringing. The script waits for the next...
CVE-2011-2545
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka...