4455 matches found
CVE-2002-0882
The web server for Cisco IP Phone VoIP models 7910, 7940, and 7960 allows remote attackers to cause a denial of service reset and possibly read sensitive memory via a large integer value in 1 the stream ID of the StreamingStatistics script, or 2 the port ID of the PortInformation script...
CVE-2002-0880
Cisco IP Phone VoIP models 7910, 7940, and 7960 allow remote attackers to cause a denial of service crash via malformed packets as demonstrated by 1 "jolt", 2 "jolt2", 3 "raped", 4 "hping2", 5 "bloop", 6 "bubonic", 7 "mutant", 8 "trash", and 9 "trash2."...
CVE-2002-0881
The CVE-2002-0881 entry affects Cisco IP Phone (VoIP) models 7910, 7940, and 7960. The underlying issue is the use of a default administrative password, enabling attackers with physical access to the phone to modify configuration settings. Connected documents corroborate the vulnerable components...
CVE-2002-0882
CVE-2002-0882 affects Cisco IP Phone (VoIP) models 7910, 7940, and 7960. The vulnerability arises from handling large integer values in two script parameters: the stream ID of StreamingStatistics and the port ID of PortInformation. Exploitation can cause a remote DoS (reset) and may allow reading...
CVE-2002-0880
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 are affected by CVE-2002-0880. Remote attackers can cause a denial of service (crash) by sending malformed packets (examples: jolt, jolt2, raped, hping2, bloop, bubonic, mutant, trash, trash2). The root cause is described only as malformed packets...
CVE-2002-0881
Cisco IP Phone VoIP models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings...
CVE-2002-0880
Cisco IP Phone VoIP models 7910, 7940, and 7960 allow remote attackers to cause a denial of service crash via malformed packets as demonstrated by 1 "jolt", 2 "jolt2", 3 "raped", 4 "hping2", 5 "bloop", 6 "bubonic", 7 "mutant", 8 "trash", and 9 "trash2."...
CVE-2002-0882
The web server for Cisco IP Phone VoIP models 7910, 7940, and 7960 allows remote attackers to cause a denial of service reset and possibly read sensitive memory via a large integer value in 1 the stream ID of the StreamingStatistics script, or 2 the port ID of the PortInformation script...
CVE-2002-0670
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing...
CVE-2002-0675
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not require administrative privileges to perform a firmware upgrade, which allows unauthorized users to upgrade the phone...
CVE-2002-0671
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing...
CVE-2002-0667
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 has a default null administrator password, which could allow remote attackers to gain access to the phone...
CVE-2002-0672
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null...
CVE-2002-0667
CVE-2002-0667 concerns Pingtel xpressa SIP phones (model PX-1) running software 1.2.5–1.2.7.4. The issue arises from a default administrator password set to null (admin user), enabling remote and local administrative access, manipulation of SIP signaling, and potential takeover of the device. Con...
CVE-2002-0670
The CVE-2002-0670 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). The web interface uses HTTP Basic authentication with Base64-encoded credentials, allowing remote attackers to sniff and decode usernames/passwords in transit. Documents confirm the risk is tied to unenc...
CVE-2002-0670
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing...
Cisco VoIP Phone Multiple Script Malformed Request DoS
The remote host appears to be a Cisco IP phone. It was possible to reboot this device by requesting : http:///StreamingStatistics?120000 This device likely has other vulnerabilities that Nessus has not checked for. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Script audit and contribution...
Pc-to-Phone vulnerability - broken by design
Dear Sirs, This is to report a security vulnerability in DeltaThree's Pc-To-Phone product, version 3.0.3 latest version, and possibly earlier versions. This security flaw was first reported to DeltaThree/iConnectHere on October 3, 2001, where I told the company about the security flaw, how it cou...
CVE-2000-1089
CVE-2000-1089 is a buffer overflow in Microsoft’s IIS Phone Book Service (pbserver.dll) that, per the description, allows local users to execute arbitrary commands (Phone Book Service Buffer Overflow). Public material references MS00-094 as the corrective update and notes that the vulnerable comp...
CVE-2000-1089
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability...