51 matches found
CVE-2011-0495
Stack-based buffer overflow in the asturiencode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary...
Design/Logic Flaw
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
DEBIAN-CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
CVE-2010-0685
The CVE-2010-0685 entry affects Asterisk Open Source 1.2.x/1.4.x/1.6.x and Asterisk Business Edition B.x.x/C.x.x, where the Dialplan expansion of the ${EXTEN} channel variable with wildcard pattern matches can be exploited by context-dependent attackers to inject strings into the dialplan. This a...
CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
Asterisk dialplan modification
Atacker can control dialplan if $EXTEN macro is used...
AST-2010-002: Dialplan injection vulnerability
Asterisk Project Security Advisory - AST-2010-002 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Dialplan injection vulnerability |...