1122 matches found
CVE-2011-2545
CVE-2011-2545 is a cross-site scripting (XSS) vulnerability in the SIP INVITE FROM field handling of Cisco SPA 8000/8800 (before 6.1.11), SPA2102 and SPA3102 (before 5.2.13), and SPA 500 series IP phones (before 7.4.9). Root cause: lack of input sanitization in the SIP INVITE FROM field. Impact: ...
CVE-2011-2545
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka...
Cisco Small Business Devices Cross-Site Scripting Vulnerability
Cisco Small Business Voice Gateways and Analog Telephone Adapters (ATAs) and Cisco Small Business SPA 500 Series IP Phones contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to a lack of sanitization of...
Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities
Cisco Security Advisory: Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20120229-vcs Revision 1.0 For Public Release 2012 February 29 16:00 UTC (GMT)...
BeWelcome Cross Site Scripting
Exploit Title: BeWelcome Cross Site Scripting Date: 10.02.2012 Author: Sony Software Link: http://www.bewelcome.org Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/bw-rox-cross-site-scripting.html...
CVE-2012-1008
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message...
Code injection
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message...
CVE-2012-1008
CVE-2012-1008 affects OfficeSIP Server 3.1. A remote attacker can trigger a denial-of-service (daemon crash) by sending a SIP INVITE with a crafted To header. The available documents confirm the affected product and the impact but do not provide additional details on root cause, exact vulnerable ...
SA-CONTRIB-2011-037 - Node Invite - Cross Site Scripting
The Node Invite module allows you to invite users with existing accounts or otherwise to specified nodes on a Drupal site. This module does not properly use t() strings to ensure all text was sanitized when data was output through a form_set_error() message, thus creating a Cross Site Scripting (XSS)...
CVE-2011-2562
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256...
Code injection
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256...
CVE-2011-2562
CVE-2011-2562 affects Cisco Unified Communications Manager (CUCM) versions: 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1)su1. The vulnerability allows remote attackers to cause a denial of service (service outage) by sending a SIP INVITE message. Root c...
CVE-2011-2562
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256...
Lotus Domino SMTP Router Email Server and Client - Denial of Service
Lotus Domino SMTP Router Email Server and Client - Denial of Service Exploit Title: Lotus Domino SMTP router, EMAIL server and client DoS - all 3 may crash Date: July 16, 2011 Author: None - looks like a malformed Kerio generated calendar invitation was the reason this was discovered...
Asterisk 1.8.x SIP User Enumeration
Asterisk 1.8.4.4, sip response permit username identification through use INVITE Author: francesco.tornieri "At" verona-wireless.net Summary: Sip responses permit user identification Reference: http://downloads.asterisk.org/pub/security/AST-2011-011.pdf Release Date: 30/06/2011 Criticality level:...
SIPDroid information leak
User information is leaked in reply to INVITE message...
SIPDroid Agent User Enumeration
Tempest Security Intelligence - Advisory 01/2011. User enumeration in SIPDroid Agent. Author: Anibal Vaz Marques de Aguiar. Table of...
sipdroid 2.2 - SIP INVITE Response User Enumeration
source: https://www.securityfocus.com/bid/47710/info sipdroid is prone to a user-enumeration weakness. An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks. sipdroid 1.6.1, 2.0.1, and 2.2 running on Android 2.1 are vulnerable; other versions may als...
Asterisk 1.8.x SIP User Enumeration
Asterisk, sip response permit username identification through use INVITE Author: francesco.tornieri "At" verona-wireless.net Summary: Sip responses permit user identification Release Date: 01/05/2011 Criticality level: Low Impact: Information leak Software: Asterisk 1.8.x tested 1.8.3.2...
NCH Software Office Intercom SIP Invite Remote Denial of Service Vulnerability
NCH Software Office Intercom is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted SIP INVITE requests.