Lucene search
K

100 matches found

securityvulns
securityvulns
added 2007/08/21 12:0 a.m.43 views

[Full-disclosure] 10 messages SIP Remote DOS on Cisco 7940 SIP Phone

MADYNES Security Advisory : stateful SIP remote DOS on Cisco 7940 Date of Discovery 4 April, 2007 ID: KIPH6 Synopsis After sending a series of ten SIP messages the device reboots. The phone does not check properly the state engine in the SIP stack The vendor was informed in April 2007 and...

0.6AI score
Exploits0
Prion
Prion
added 2007/04/24 5:19 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...

6.8CVSS5.9AI score0.04456EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2007/04/24 5:19 p.m.14 views

CVE-2007-2191

Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...

6.8CVSS5.7AI score0.04456EPSS
Exploits1References7
Cvelist
Cvelist
added 2007/04/24 5:0 p.m.18 views

CVE-2007-2191

Multiple cross-site scripting XSS vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the 1 From, 2 To, 3 Call-ID, 4 User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...

5.7AI score0.04456EPSS
Exploits1References7
CVE
CVE
added 2007/04/24 5:0 p.m.55 views

CVE-2007-2191

CVE-2007-2191 describes multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.2.x . The flaws allow remote attackers to inject arbitrary web script or HTML via SIP-related fields (1) From, (2) To, (3) Call-ID, (4) User-Agent, and potentially other SIP headers, with the malicious data s...

6.8CVSS5.7AI score0.04456EPSS
Exploits1References7Affected Software1
securityvulns
securityvulns
added 2007/03/22 12:0 a.m.33 views

Grandstream Budge Tone VOIP phones DoS

Crash on SIP protocol INVITE message parsing...

7.8CVSS2.9AI score0.0395EPSS
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2007/03/21 12:0 a.m.15 views

Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)

Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow PoC 1 source: https://www.securityfocus.com/bid/23648/info Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it...

1.2AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/20 12:0 a.m.38 views

Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service

!/usr/bin/perl Title: Cisco 7940 SIP INVITE remote DOS Date: February 19, 2007 ID: KIPH2 Synopsis: After sending a cra fted INVITE message the device immediately reboots. The phone does not check properly the sipURI field of the Remote-Party-ID in the message. The vendor was informed and...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/03/20 12:0 a.m.13 views

Cisco Phone 79407960 - SIP INVITE Remote Denial of Service

Cisco Phone 79407960 - SIP INVITE Remote Denial of Service !/usr/bin/perl Title: Cisco 7940 SIP INVITE remote DOS Date: February 19, 2007 ID: KIPH2 Synopsis: After sending a cra fted INVITE message the device immediately reboots. The phone does not check properly the sipURI field of the...

0.3AI score
Exploits0
Fedora
Fedora
added 2007/02/21 4:19 a.m.14 views

[SECURITY] Fedora Core 6 Update: ekiga-2.0.5-2.fc6

Ekiga is a tool to communicate with video and audio over the internet. It uses the standard SIP and H323 protocols...

2.1AI score
Exploits0
Fedora
Fedora
added 2007/02/21 4:18 a.m.15 views

[SECURITY] Fedora Core 5 Update: ekiga-2.0.1-4

GnomeMeeting is a tool to communicate with video and audio over the interne t. It uses the the standard SIP and H323 protocols...

2AI score
Exploits0
Saint
Saint
added 2006/07/17 12:0 a.m.33 views

sipXtapi Cseq header buffer overflow

Added: 07/17/2006 CVE: CVE-2006-3524 BID: 18906 OSVDB: 27122 Background The Session Initiation Protocol SIP is a signaling protocol for a variety of uses, including instant messanging and Voice over Internet Protocol. sipXtapi is a client library for SIP-based user agents. It is included in Pingt...

7.5CVSS7.5AI score0.66993EPSS
Exploits14
securityvulns
securityvulns
added 2006/07/12 12:0 a.m.43 views

Multiple Cisco Unified CallManager security vulnerabilities

Multiple vulnerabilities with Command Line Interface and SIP protocol processing...

2.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/02/14 12:0 a.m.42 views

eStara SIP softphone several message-processing vulnerabilities

Visit http://www.nosec.org for more infomation SIP is the important protocol in VOIP, and I think it'll improve fast and fast in the future just like the TCP/IP. In that time, we can contact each other by VOIP for vedio and sound very cheaply. As a new protocol, most vendor just consider the usab...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2005/05/31 12:0 a.m.20 views

Ethereal 0.10.10 - SIP Protocol Dissector Remote Buffer Overflow

Ethereal 0.10.10 - SIP Protocol Dissector Remote Buffer Overflow / tetherealsip.c now quite functional Ethereal 0.10.0 to 0.10.10 SIP Dissector remote root exploit Advisory: http://www.ethereal.com/appnotes/enpa-sa-00019.html produced by Team W00dp3ck3r: frauk\x41iser mag00n s00n thorben Notes:...

0.7AI score
Exploits0
OSV
OSV
added 2003/09/17 4:0 a.m.6 views

CVE-2003-0761

Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...

8.3AI score
Exploits0References2
Cvelist
Cvelist
added 2003/09/12 4:0 a.m.24 views

CVE-2003-0761

Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...

8AI score0.03896EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2003/09/12 4:0 a.m.39 views

CVE-2003-0761

Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...

7.5CVSS7.9AI score0.03896EPSS
Exploits1
securityvulns
securityvulns
added 2003/09/08 12:0 a.m.25 views

[NEWS] Asterisk SIP Implementation Issue

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits0
securityvulns
securityvulns
added 2003/02/22 12:0 a.m.31 views

Multiple products SIP protocol implementation vulnerabilities

Multiple vulnerabilities in multiple products of multiple vendors...

3.3AI score
Exploits0References2Affected Software5
Rows per page
Query Builder