14 matches found
EUVD-2007-5463
Malware in sbrugna...
EUVD-2008-2538
Malware in sbrugna...
SUSE CVE-2008-2543
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote...
Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26095/info Asterisk 'asterisk-addons' package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver
Asterisk Project Security Advisory - AST-2008-009 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | Remote crash vulnerability in ooh323 channel | | | driv...
CVE-2008-2543
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote...
Memory corruption
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote...
AST-2007-023 - SQL Injection Vulnerabilty in cdr_addon_mysql
Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdraddonmysql |...
Asterisk cdr_addon_mysql插件SQL注入漏洞
CVECAN ID: CVE-2007-5488 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk的cdraddonmysql模块实现上存在输入验证漏洞,远程攻击者可能利用此漏洞非授权操作数据库。 Asterisk的cdraddonmysql模块在插入记录时没有正确地转义指定呼叫的源和目标号码,发送给运行了该模块的Asterisk系统特制的目标号码可能导致SQL注入攻击。如果用户在使用实时数据的话,由于数据可能与插入呼叫记录处于同一数据库中,因此可能会导致各种数据破坏和失效等问题。 Asterisk Asterisk-Addons 1.4.x...
CVE-2007-5488
Multiple SQL injection vulnerabilities in cdraddonmysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the 1 source and 2 destination numbers, and probably 3 SIP URI, when inserting a record...
CVE-2007-5488
Multiple SQL injection vulnerabilities in cdraddonmysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the 1 source and 2 destination numbers, and probably 3 SIP URI, when inserting a record...
Sql injection
Multiple SQL injection vulnerabilities in cdraddonmysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the 1 source and 2 destination numbers, and probably 3 SIP URI, when inserting a record...
CVE-2007-5488
Multiple SQL injection vulnerabilities in cdraddonmysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the 1 source and 2 destination numbers, and probably 3 SIP URI, when inserting a record...
CVE-2007-5488
CVE-2007-5488 concerns the Asterisk-Addons cdr_addon_mysql module, where the cdr_addon_mysql component fails to escape the source and destination numbers (and possibly SIP URI) when inserting a record. This leads to SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQ...