7 matches found
Asterisk PBX_AEL.C交换阻断安全绕过漏洞
Asterisk是一个开放源代码的软件VoIP PBX系统。 Asterisk存在设计错误,远程攻击者可以利用漏洞绕过安全限制获得敏感信息。 当编译任意标签时Asterisk扩展语言AEL由于不安全生成扩展,攻击者可以导致绕过安全限制,然后获得敏感信息或更改用户设置。 Asterisk Asterisk 1.4.2 Asterisk Asterisk 1.4.1 Asterisk Asterisk 1.2.17 Asterisk Asterisk 1.2.16 Asterisk Asterisk 1.2.15 Asterisk Asterisk 1.2.14 Asterisk...
CVE-2007-1595
The Asterisk Extension Language AEL in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
Code injection
The Asterisk Extension Language AEL in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
CVE-2007-1595
The Asterisk Extension Language AEL in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
CVE-2007-1595
The Asterisk Extension Language AEL in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
CVE-2007-1595
The CVE-2007-1595 entry concerns the Asterisk Extension Language (AEL) in pbx/pbx_ael.c, where extensions are not properly generated. The flaw allows remote attackers to cause execution of arbitrary extensions by supplying an invalid extension in a specific form, with an unknown overall impact as...
CVE-2007-1595
The Asterisk Extension Language AEL in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...