62 matches found
CVE-2004-1680
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service VxWorks OS crash via a long HTTP GET request, possibly triggering a buffer overflow...
CVE-2004-1680
The CVE-2004-1680 issue affects the Pingtel Xpressa handset (firmware 2.1.11.24) where application.cgi can be abused by remote authenticated users via a long HTTP GET request, potentially triggering a buffer overflow and causing a VxWorks OS crash (DoS). Connected sources confirm the vulnerabilit...
Pingtel Xpressa DoS
DoS through web interface...
@stake advisory: Pingtel Xpressa Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Pingtel Xpressa Denial of Service Release Date: 09-13-2004 Device: Xpressa phone Model PX-1 Firmware: Core Apps: 2.1.11.24 Kernel: 2.1.11.24 Severity: An attacker can cause the phone to fai...
CVE-2004-1680
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service VxWorks OS crash via a long HTTP GET request, possibly triggering a buffer overflow...
Pingtel Xpressa 1.2.x/2.0/2.1 - Handset Remote Denial of Service
source: https://www.securityfocus.com/bid/11161/info Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on HTTP request data handled by the Xpressa administration web...
Pingtel Xpressa 1.2.x2.02.1 - Handset Remote Denial of Service
Pingtel Xpressa 1.2.x2.02.1 - Handset Remote Denial of Service source: https://www.securityfocus.com/bid/11161/info Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on...
CVE-2002-0674
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication...
CVE-2002-0673
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions...
CVE-2002-0668
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls...
CVE-2002-0674
The CVE-2002-0674 entry concerns Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4) that do not time out an inactive administrator session, potentially allowing another user to perform administrator actions if the original admin session isn’t explicitly ended. This mirrors the @stake ad...
CVE-2002-0672
The CVE-2002-0672 entry concerns Pingtel xpressa SIP phones (versions 1.2.5–1.2.7.4) where the administrator password is null due to a factory reset without authentication via the GUI. The linked advisory and CVE records detail multiple issues affecting PX-1 devices, including local/remote admini...
CVE-2002-0668
The CVE-2002-0668 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). A web interface vulnerability allows an authenticated user to modify Call Forwarding settings, hijacking calls by redirecting them to another SIP URL or number. The root cause is exposure of administrati...
CVE-2002-0673
CVE-2002-0673 concerns Pingtel xpressa SIP phones (PX-1, software 1.2.5–1.2.7.4). The vulnerability enables attackers with physical access to log out the current user via the enrollment process and re-register the phone using MyPingtel Sign-In, gaining remote access and allowing unauthorized acti...
CVE-2002-0672
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null...
CVE-2002-0671
CVE-2002-0671 affects Pingtel xpressa SIP-based VoIP phones, versions 1.2.5–1.2.7.4. The issue arises when the device downloads applications from a web site without verifying their integrity, enabling remote attackers to install Trojan horse applications via DNS spoofing. The vulnerability is doc...
CVE-2002-0671
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing...
CVE-2002-0669
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIPAUTHENTICATESCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs...
CVE-2002-0669
The CVE-2002-0669 issue affects Pingtel xpressa SIP-based phones (versions 1.2.5–1.2.7.4). By changing SIP_AUTHENTICATE_SCHEME, an attacker can force authentication of incoming calls, causing a denial of service where neither caller nor callee is informed of the failure. The vulnerability stems f...
CVE-2002-0669
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIPAUTHENTICATESCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs...