54 matches found
SUSE CVE-2003-1303
Buffer overflow in the imapfetchoverview function in the IMAP functionality phpimap.c in PHP before 4.3.3 allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long e-mail address in a 1 To or 2 From header...
SUSE CVE-2007-1718
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the 1 Subject or 2 To parameter, as demonstrat...
Debian DSA-4267-1 : kamailio - security update
Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the buildresbuffromsipreq function could result in denial of service and potentially the execution of arbitrary code. C Tenable Netwo...
ALPINE-CVE-2018-14767
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "buildresbuffromsipreq" core function. This could result in denial of service and potentially...
DEBIAN-CVE-2018-14767
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "buildresbuffromsipreq" core function. This could result in denial of service and potentially...
PT-2018-12707 · Kamailio +2 · Kamailio +2
Name of the Vulnerable Software and Affected Versions: Kamailio versions prior to 5.0.7 Kamailio versions 5.1.x prior to 5.1.4 Description: A crafted SIP message with a double "To" header and an empty "To" tag can cause a segmentation fault and crash due to missing input validation in the build r...
DEBIAN-CVE-2017-14098
In the pjsip channel driver respjsip in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash...
Digium Asterisk Denial of Service Vulnerability (CNVD-2017-30817)
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail , multi-party voice conferencing , interactive voice response IVR , etc. pjsip channel driver respjsip is one of the pjsip driver . A security vulnerability exists in t...
asterisk -- Remote Crash Vulerability in res_pjsip
The Asterisk project reports: A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash...
OfficeSIP Server 3.1 - Denial of Service
OfficeSIP Server 3.1 - Denial of Service Title : OfficeSIP Server Denial Of Service Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.officesip.com Advisory : http://secpod.org/blog/?p=461...
CVE-2010-2835
CVE-2010-2835 affects Cisco IOS Software (12.2–12.4, 15.0–15.1), Cisco IOS-XE 2.5.x/2.6.x before 2.6.1, and CUCM 6.x/7.x/8.x. The flaw resides in SIP processing where a crafted SIP REFER with an invalid Refer-To header can trigger a DoS, causing device reloads or voice-services outages. Fixed ver...
DEBIAN-CVE-2009-3727
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...
[Full-disclosure] DOS vulnerability on Thomson SIP phone ST 2030 using the TO Header
MADYNES Security Advisory : Remote DOS on Thomson SIP phone ST 2030 Date of Discovery 15 February, 2007 Vendor was notified on 1 March 2007 ID: KIPH9 Synopsis After sending a message where the TO URI field is crafted, the device looks functional but in fact does not respond to any event provoking...
security flaw
Buffer overflow in the imapfetchoverview function in the IMAP functionality phpimap.c in PHP before 4.3.3 allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long e-mail address in a 1 To or 2 From header...