100 matches found
[Full-disclosure] 10 messages SIP Remote DOS on Cisco 7940 SIP Phone
MADYNES Security Advisory : stateful SIP remote DOS on Cisco 7940 Date of Discovery 4 April, 2007 ID: KIPH6 Synopsis After sending a series of ten SIP messages the device reboots. The phone does not check properly the state engine in the SIP stack The vendor was informed in April 2007 and...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...
CVE-2007-2191
Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...
CVE-2007-2191
Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...
CVE-2007-2191
CVE-2007-2191 describes multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.2.x . The flaws allow remote attackers to inject arbitrary web script or HTML via SIP-related fields (1) From, (2) To, (3) Call-ID, (4) User-Agent, and potentially other SIP headers, with the malicious data s...
Grandstream Budge Tone VOIP phones DoS
Crash on SIP protocol INVITE message parsing...
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow PoC 1 source: https://www.securityfocus.com/bid/23648/info Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it...
Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service
!/usr/bin/perl Title: Cisco 7940 SIP INVITE remote DOS Date: February 19, 2007 ID: KIPH2 Synopsis: After sending a cra fted INVITE message the device immediately reboots. The phone does not check properly the sipURI field of the Remote-Party-ID in the message. The vendor was informed and...
Cisco Phone 79407960 - SIP INVITE Remote Denial of Service
Cisco Phone 79407960 - SIP INVITE Remote Denial of Service !/usr/bin/perl Title: Cisco 7940 SIP INVITE remote DOS Date: February 19, 2007 ID: KIPH2 Synopsis: After sending a cra fted INVITE message the device immediately reboots. The phone does not check properly the sipURI field of the...
[SECURITY] Fedora Core 6 Update: ekiga-2.0.5-2.fc6
Ekiga is a tool to communicate with video and audio over the internet. It uses the standard SIP and H323 protocols...
[SECURITY] Fedora Core 5 Update: ekiga-2.0.1-4
GnomeMeeting is a tool to communicate with video and audio over the interne t. It uses the the standard SIP and H323 protocols...
sipXtapi Cseq header buffer overflow
Added: 07/17/2006 CVE: CVE-2006-3524 BID: 18906 OSVDB: 27122 Background The Session Initiation Protocol SIP is a signaling protocol for a variety of uses, including instant messanging and Voice over Internet Protocol. sipXtapi is a client library for SIP-based user agents. It is included in Pingt...
Multiple Cisco Unified CallManager security vulnerabilities
Multiple vulnerabilities with Command Line Interface and SIP protocol processing...
eStara SIP softphone several message-processing vulnerabilities
Visit http://www.nosec.org for more infomation SIP is the important protocol in VOIP, and I think it'll improve fast and fast in the future just like the TCP/IP. In that time, we can contact each other by VOIP for vedio and sound very cheaply. As a new protocol, most vendor just consider the usab...
Ethereal 0.10.10 - SIP Protocol Dissector Remote Buffer Overflow
Ethereal 0.10.10 - SIP Protocol Dissector Remote Buffer Overflow / tetherealsip.c now quite functional Ethereal 0.10.0 to 0.10.10 SIP Dissector remote root exploit Advisory: http://www.ethereal.com/appnotes/enpa-sa-00019.html produced by Team W00dp3ck3r: frauk\x41iser mag00n s00n thorben Notes:...
CVE-2003-0761
Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...
CVE-2003-0761
Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...
CVE-2003-0761
Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...
[NEWS] Asterisk SIP Implementation Issue
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Multiple products SIP protocol implementation vulnerabilities
Multiple vulnerabilities in multiple products of multiple vendors...