18 matches found
iax2-brute NSE Script
Performs brute force password auditing against the Asterisk IAX2 protocol. Guessing fails when a large number of attempts is made due to the maxcallnumber limit (default 2048). In case you're getting "ERROR: Too many retries, aborted ..." after a while, this is most likely what's happening. In order ...
Sql injection
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers ...
CVE-2009-2346
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers ...
CVE-2009-2346
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers ...
CVE-2009-2346
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers ...
CVE-2009-2346
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers ...
AST-2009-006: IAX2 Call Number Resource Exhaustion
Asterisk Project Security Advisory - AST-2009-006. Product: Asterisk. Summary: IAX2 Call Number Resource Exhaustion ...
CVE-2008-3263
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a...
Design/Logic Flaw
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a...
CVE-2008-3263
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a...
CVE-2008-3263
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a...
CVE-2008-3263
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a...
CVE-2008-3263
CVE-2008-3263 is an IAX2 POKE-related denial-of-service affecting multiple Asterisk lines (Open Source 1.0.x, 1.2.x up to 1.2.30, 1.4.x up to 1.4.21.2; Business Edition B, C, AsteriskNOW, and s800i variants). The issue allows remote attackers to exhaust call numbers and consume CPU by rapidly sen...
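Asterisk IAX2 Packet Amplification Remote Denial-of-Service Vulnerability
BUGTRAQ ID: 28901 CVE(CAN) ID: CVE-2008-1897 Asterisk is an open-source software PBX that supports a variety of VoIP protocols and devices. The mechanism Asterisk uses to handle calls contains a flaw that a remote attacker may be able to exploit to carry out a denial-of-service attack against a third-party machine. The IAX2 protocol allows an ICNEW packet to start a call. An ICNEW packet is an 18-byte UDP packet, whereas a call can be very long and contain a large amount of data. Because UDP can be spoofed, a remote attacker can spoof the IAX2 handshake, causing the Asterisk server to send a large amount of data to the target and congest the network. Asterisk Asterisk 1.4.x Asterisk Asterisk...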
CVE-2008-1897
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow...
CORE-2006-0330: Asterisk PBX truncated video frame vulnerability
Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Asterisk PBX truncated video miniframe vulnerability Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0330 Bugtraq ID: 18295 CVE Name: CVE-2006-2898 Title: Asterisk PBX truncated video...
Asterisk PBX truncated video frame vulnerability
Advisory ID Internal CORE-2006-0330 Date Published : 2006-06-09 Last Update : 2006-06-09 Advisory ID : CORE-2006-0330 Bugtraq ID : 18295 CVE Name : CVE-2006-2898 Title : Asterisk PBX truncated video frame vulnerability Class : Input Validation Error Remotely Exploitable : Yes Locally Exploitable ...
Inter-Asterisk eXchange Protocol Detection
The Inter-Asterisk eXchange protocol (IAX2) is used by the Asterisk PBX Server and other IP telephony clients/servers to enable voice communication between them. Script written by Ferdy Riphagen. Script distributed under the GNU GPLv2 License. include("compat.inc"); if (description) { script_id(20834);...