34 matches found
CVE-2018-11518
CVE-2018-11518 describes a phreaking attack on HCL legacy IVR systems that do not use VoIP. The vulnerability arises from handling of audio-frequency signals (DTMF) within a phone call, where an attacker can record the tones and trigger a service activation. The issue is a request-forgery : if th...
CVE-2018-11518
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0361-1)
This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed : - CVE-2018-5091: Use-after-free with DTMF timers bsc1077291. - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free whi...
CVE-2018-5091
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Firefox 58...
Security vulnerabilities fixed in Firefox ESR 52.6 — Mozilla
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This...
CVE-2018-5091
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Firefox 58...
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver
Asterisk Project Security Advisory - AST-2012-005 Product Asterisk Summary Heap Buffer Overflow in Skinny Channel Driver Nature of Advisory Exploitable Heap Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On March 26, 2012 Reported By Russell...
Phone Phreaking using Bluebox Demonstrated in India
Phone Phreaking using Bluebox Demonstrated in India Christy Philip Mathew, an Indian Information Security Instructor and Hacker demonstrated Phone Phreaking using Bluebox in his lab. This time we have something really special that would remind us the phone phreaking. Actually Phone Phreaking...
A DTMF-based IVR application that is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs crashes
Fixes an issue in which a DTMF-based IVR application crashes when a user barges-in multiple times with invalid DTMF digits or barges-in to request help. This issue occurs if the application is developed by using Lync Server 2010, UCMA 3.0 Workflow APIs.SymptomsConsider the following scenario: You...
Moshi Moshi : VoIP bot written in Python
Moshi Moshi : VoIP bot written in Python Moshi Moshi is a VoIP Bot written in Python that uses SIP as VoIP Protocol, Text-to-speech engines for Output, and DTMF Tones for Input. It is part of a talk "Sounds Like Botnet" given at DEF CON 19 and BSidesLV 2011 on VoIP Botnets by Itzik Kotler and...
Telephone Line Voice Scanner
This module dials a range of phone numbers and records audio from each answered call This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'fileutils' class MetasploitModule 'Telephone Line Voice Scanner',...
Fedora 14 : asterisk-1.6.2.18-1.fc14 (2011-6225)
The Asterisk Development Team has announced the release of Asterisk 1.6.2.18. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.6.2.18 resolves several issues reported by the community and would have not been possib...
Fedora 13 : asterisk-1.6.2.18-1.fc13 (2011-6208)
The Asterisk Development Team has announced the release of Asterisk 1.6.2.18. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.6.2.18 resolves several issues reported by the community and would have not been possib...
Current Versions Release History
Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...