Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26095/info Asterisk 'asterisk-addons' package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

nokia-dos.txt

Nokia N95 cellphone remote DoS using the SIP Stack Severity: High – Denial of Service Hardware: Nokia N95 Firmware: Tested version: Nokia RM-159 V 12.0.013 Notification: Vulnerability found: 11 September 2007 Contact Nokia Support: 12 September 2007 / None reply Contact Nokia Security Support: 19...

[Full-disclosure] Nokia N95 cellphone remote DoS using the SIP Stack

Nokia N95 cellphone remote DoS using the SIP Stack Severity: High – Denial of Service Hardware: Nokia N95 Firmware: Tested version: Nokia RM-159 V 12.0.013 Notification: Vulnerability found: 11 September 2007 Contact Nokia Support: 12 September 2007 / None reply Contact Nokia Security Support: 19...

cisco7940-dos.txt

Cisco 7940 Denial of Service Vulnerability Hardware: Cisco 7940 SIP Phone Severity: High – Denial of Service Software: Affected version: P0S3-08-7-00 Other Versions: May be Notification: Vulnerability found: 30 August 2007 Contact Cisco: 31 August 2007 Tracked issue: 11 September 2007 Vulnerabili...

[Full-disclosure] Cisco Phone 7940 remote DOS

Cisco 7940 Denial of Service Vulnerability Hardware: Cisco 7940 SIP Phone Severity: High – Denial of Service Software: Affected version: P0S3-08-7-00 Other Versions: May be Notification: Vulnerability found: 30 August 2007 Contact Cisco: 31 August 2007 Tracked issue: 11 September 2007 Vulnerabili...

[Full-disclosure] CallManager and OpeSer toll fraud and authentication forward attack

MADYNES Security Advisory : SIP toll fraud and authentication forward attack Date of Discovery 5 May, 2007 Vendor1 Cisco was informed on 22 May 2007 Vendor 2 OpenSer, voice-systems was informed in 4 th October 2007 ID: KIPH11 Affected products CallManager: System version: 5.1.1.3000-5...

sip-pwn.txt

SIP, the IETF endorsed VoIP signaling protocol, is currently used to establish and manage VoIP calls. Many security issues have been addressed until know about the security of VoIP due to the large numbers of attacks coming from the traditional IP networks, but none have addressed the securing th...

[Full-disclosure] DOS vulnerability on Thomson SIP phone ST 2030 using an empty packet

MADYNES Security Advisory : Remote DOS on Thomson SIP phone ST 2030 using an empty packet Date of Discovery 15 February, 2007 Vendor was notified on 1 March 2007 ID: KIPH10 Synopsis After sending an empty message the device looks functional but in fact does not respond to any event provoking a Do...

[Full-disclosure] DOS vulnerability on Thomson SIP phone ST 2030 using the TO Header

MADYNES Security Advisory : Remote DOS on Thomson SIP phone ST 2030 Date of Discovery 15 February, 2007 Vendor was notified on 1 March 2007 ID: KIPH9 Synopsis After sending a message where the TO URI field is crafted, the device looks functional but in fact does not respond to any event provoking...

cisco-stateful-dos.txt

MADYNES Security Advisory : stateful SIP remote DOS on Cisco 7940 Date of Discovery 4 April, 2007 ID: KIPH6 Synopsis After sending a series of ten SIP messages the device reboots. The phone does not check properly the state engine in the SIP stack The vendor was informed in April 2007 and...

[Full-disclosure] Grandstream Budge Tone-200 denial of service vulnerability

MADYNES Security Advisory http://madynes.loria.fr/ http://madynes.loria.fr Title: Grandstream Budge Tone-200 denial of service vulnerability Release Date: 21/03/2007 Severity: High - Denial of Service Advisory ID:KIPH3 Hardware: Grandstream Budge Tone-200 IP Phone...

grandstream-dos.txt

MADYNES Security Advisory http://madynes.loria.fr Title: Grandstream Budge Tone-200 denial of service vulnerability Release Date: 21/03/2007 Severity: High - Denial of Service Advisory ID:KIPH3 Hardware: Grandstream Budge Tone-200 IP Phone http://www.grandstream.com/consumerphones.html Affected...

Grandstream Budge Tone-200 IP Phone - Digest domain Denial of Service

Grandstream Budge Tone-200 IP Phone - Digest domain Denial of Service !/usr/bin/perl MADYNES Security Advisory http://madynes.loria.fr Title: Grandstream Budge Tone-200 denial of service vulnerability Release Date: 21/03/2007 Severity: High - Denial of Service Advisory ID:KIPH3 Hardware:...

Cisco Phone 7940/7960 (SIP INVITE) Remote Denial of Service Exploit

No description provided by source. !/usr/bin/perl Title: Cisco 7940 SIP INVITE remote DOS Date: February 19, 2007 ID: KIPH2 Synopsis: After sending a cra fted INVITE message the device immediately reboots. The phone does not check properly the sipURI field of the ...

Grandstream Budge Tone-200 IP Phone - Digest domain Denial of Service

!/usr/bin/perl MADYNES Security Advisory http://madynes.loria.fr Title: Grandstream Budge Tone-200 denial of service vulnerability Release Date: 21/03/2007 Severity: High - Denial of Service Advisory ID:KIPH3 Hardware: Grandstream Budge Tone-200 IP Phone...

[Full-disclosure] CISCO Phone 7940 DOS vulnerability

MADYNES Security Advisory http://madynes.loria.fr Severity: High Title: Cisco 7940 SIP INVITE remote DOS Date: February 19, 2007 ID: KIPH2 Synopsis: After sending a cra fted INVITE message the device immediately reboots. The phone does not check properly the sipURI field of the Remote-Party-ID in...

Cisco Phone 7940/7960 - 'SIP INVITE' Remote Denial of Service

!/usr/bin/perl Title: Cisco 7940 SIP INVITE remote DOS Date: February 19, 2007 ID: KIPH2 Synopsis: After sending a cra fted INVITE message the device immediately reboots. The phone does not check properly the sipURI field of the Remote-Party-ID in the message. The vendor was informed and...