EUVD-2017-18307
Malware in sbrugna...
EUVD-2019-2353
Malware in sbrugna...
CVE-2024-2363
CVE-2024-2363 affects AOL AIM Triton 1.0.4, specifically the Invite Handler component. The root cause is manipulation of the CSeq argument, which leads to a remote denial of service. Public exploit details exist, and the vulnerability is associated with products no longer maintained. No patch/ver...
PT-2024-19983 · Aol · Aol Aim Triton
Name of the Vulnerable Software and Affected Versions: AOL AIM Triton version 1.0.4. Description: A vulnerability was found in the Invite Handler component, where the manipulation of the CSeq argument leads to denial of service. The attack can be initiated remotely. This issue affects products tha...
CVE-2019-10549
Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937,...
Null pointer dereference
Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937,...
CVE-2019-10549
CVE-2019-10549 is a null pointer dereference caused by improper validation of the CSEQ header response over the network in Qualcomm Snapdragon firmware across multiple Snapdragon variants (Auto, Compute, IoT, Mobile, Wearables). The NVD CVSS shows both network attack vector, low complexity, and h...
Digium Asterisk SIP CSeq Heap Buffer Overflow
A heap-based buffer overflow vulnerability exists in Digium Asterisk. The vulnerability is due to a flaw in processing a very long CSeq header in a SIP packet where the Via header contains no branch parameter. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted...
Buffer overflow
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction...
Asterisk 14.4.0 PJSIP 2.6 Heap Overflow
Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 running chan_pjsip, PJSIP 2.6 - References: AST-2017-002 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-12 ...
FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
Ethereal <= 0.10.10 (SIP) Protocol Dissector Remote BoF Exploit
No description provided by source. / tetherealsip.c now quite functional Ethereal 0.10.0 to 0.10.10 SIP Dissector remote root exploit Advisory: http://www.ethereal.com/appnotes/enpa-sa-00019.html produced by Team W00dp3ck3r: frauk\x41iser mag00n s00n thorben Notes: tested on Debian Sarge Linux...
AIM Triton 1.0.4 CSeq Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'AIM Triton...
SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'SIPfoundry...
Multiple sscanf vulnerabilities in Asterisk [MU-200908-01]
Multiple sscanf vulnerabilities in Asterisk MU-200908-01 August 10, 2009 http://labs.mudynamics.com/advisories.html Affected Products/Versions: Asterisk 1.6.1 branch up to 1.6.1.2. Product Overview: Asterisk is an open source telephony engine and...
Code injection
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 do...
PT-2009-5109 · Digium · Asterisk Open Source +2
Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.2.x through 1.2.33; Asterisk Open Source versions 1.4.x through 1.4.26; Asterisk Open Source versions 1.6.0.x through 1.6.0.11; Asterisk Open Source versions 1.6.1.x through 1.6.1.3; Asterisk Business Edition A.x.x...
SIPfoundry sipXtapi (CSeq) Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits. SIPfoundry sipXtapi CSeq Remote Buffer Overflow Exploit. #!/usr/bin/perl Remote Buffer Overflow in sipXtapi bad char 0x00 0x09...
CVE-2006-3524
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message...