21 matches found
SuiteCRM SQL注入漏洞
SuiteCRM is a customer relationship management system from the SuiteCRM team. A SQL injection vulnerability exists in SuiteCRM versions 7.14.7 and earlier and versions 8.0.0-beta.1 through 8.9.0, which originates from an attacker who can construct a malicious callid parameter to manipulate SQL...
CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...
CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...
PT-2025-45523
Name of the Vulnerable Software and Affected Versions SuiteCRM versions 7.14.7 and below SuiteCRM versions 8.0.0-beta.1 through 8.9.0 Description SuiteCRM is a Customer Relationship Management CRM software application. An attacker can manipulate the call id to modify SQL query logic or inject...
EUVD-2011-2527
Malware in sbrugna...
EUVD-2024-31721
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-38544
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AFRXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg and sendmsg together. The...
CVE-2025-38544 rxrpc: Fix bug due to prealloc collision
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AFRXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg and sendmsg together. The...
CVE-2025-38524 rxrpc: Fix recv-recv race of completed call
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
CVE-2025-38524 rxrpc: Fix recv-recv race of completed call
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
DEBIAN-CVE-2024-3119
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
UBUNTU-CVE-2024-3119
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
CVE-2024-3119 Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sipgetcallid and sipgetxcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the dat...
Researchers Hijack Cell Phone Data, GSM Locations
A pair of security researchers has discovered a number of new attack vectors that give them the ability to not only locate any GSM mobile handset anywhere in the world, but also find the name of the subscriber associated with virtually any cellular phone number, raising serious privacy and securi...
Cisco 7940 SIP电话INVITE消息远程拒绝服务漏洞
BUGTRAQ ID: 26711 Cisco 7940型IP电话是一种多功能通讯设备,通过IP网络传递语音信号。 Cisco 7940在处理畸形INVITE消息时存在漏洞,远程攻击者可能利用此漏洞导致设备不可用。 如果向Cisco 7940 IP电话发送了一系列SIP INVITE消息的话,就可能导致设备看起来在正常工作而实际上无法接收或发起呼叫,继续发送INVITE消息的话就会导致设备重启。 攻击者所发送的SIP INVITE消息中的Request-URI部分应不包含有用户名,如INVITE sip:XXX.XXX.XXX.XXX...
cisco7940-dos.txt
Cisco 7940 Denial of Service Vulnerability Hardware: Cisco 7940 SIP Phone Severity: High Denial of Service Software: Affected version: P0S3-08-7-00 Other Versions: May be Notification: Vulnerability found: 30 August 2007 Contact Cisco: 31 August 2007 Tracked issue: 11 September 2007 Vulnerabili...
sip-fraud.txt
SIP Digest Access Authentication RELAY-ATTACK for Toll-Fraud In this post, we would like to inform about a potential Authentication vulnerability in SIP, where all SIP equipments using Digest Access Authentication which can issue re-INVITEs are vulnerable. The problem lies in an attack scenario,...
CVE-2005-2182
Grandstream BudgeTone BT 100 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...
CVE-2005-2182
Grandstream BudgeTone BT 100 Voice over IP VoIP phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message...
PT-2005-3111 · Grandstream · Grandstream Budgetone (Bt) 100
Name of the Vulnerable Software and Affected Versions: Grandstream BudgeTone BT 100 affected versions not specified Description: The issue concerns the Grandstream BudgeTone BT 100 Voice over IP VoIP phones, which do not properly validate certain values in a NOTIFY message. This allows remote...