123 matches found
CVE-2011-1599
CVE-2011-1599 affects Asterisk Manager Interface (manager.c) where insufficient privilege checks allow remote authenticated users to execute arbitrary commands via an Originate action with Async header and an Application header. Affected: Asterisk Open Source 1.4.x < 1.4.40.1, 1.6.1.x < 1.6...
Debian DSA-2225-1 : asterisk - several vulnerabilities
Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit. - CVE-2011-1147 Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service or the execution of arbitrary code. - CVE-2011-1174 Blake Cornell discovered that...
AST-2011-006: Asterisk Manager User Shell Access
Asterisk Project Security Advisory - AST-2011-006 Product Asterisk Summary Asterisk Manager User Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known Yes Reported On February 10, 2011 Reported By Mark Murawski markm AT...
FreeBSD Ports: tomcat55
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)
Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5) Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
CVE-2011-0013
CVE-2011-0013 describes XSS in the HTML Manager Interface of Apache Tomcat: affected are Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the display-name tag. Mitigation is upgrading to the fix...
CVE-2011-0013
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
Apache Tomcat 7.0.0 < 7.0.6
The version of Tomcat installed on the remote host is prior to 7.0.6. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.6_security-7 advisory. - Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.3...
Apache Tomcat 7.0.x < 7.0.6 Manager Interface XSS
Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
Fixed in Apache Tomcat 7.0.6
Low: Cross-site scripting CVE-2011-0013 The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This was fixed in revision...
apache -- multiple vulnerabilities
Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2008-2364: mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. CVE-2007-6420:...
Debian Security Advisory DSA 1358-1 (asterisk)
The remote host is missing an update to asterisk announced via advisory DSA 1358-1. OpenVAS Vulnerability Test $Id: deb_1358_1.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1358-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian DSA-1358-1 : asterisk - several vulnerabilities
Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1306 'Mu Security' discovered that a NULL pointer dereference in the SIP implementation could...
[SECURITY] [DSA 1358-1] New asterisk packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1358-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 26th, 2007 http://www.debian.org/security/faq -...
CVE-2007-2294
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference...
Null pointer dereference
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference...
DEBIAN-CVE-2007-2294
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference...
CVE-2007-2294
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference...