2 matches found
CVE-2021-37391
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social...
DEBIAN-CVE-2007-2293
Multiple stack-based buffer overflows in the processsdp function in chansip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long 1 T38FaxRateManagement or 2 T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP...