exploit the possibilities
Showing 1 - 25 of 39 RSS Feed

Files from Sandro Gauci

Email addresssandro at sipvicious.org
First Active2007-08-01
Last Active2021-10-25
FreeSWITCH 1.10.6 SRTP Packet Denial Of Service
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a denial of service vulnerability when handling invalid SRTP packets.

tags | exploit, denial of service
advisories | CVE-2021-41105
MD5 | 37827909a81c36beab35ceb2b90f4361
FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.5 and below fail to authenticate SIP SUBSCRIBE requests by default.

tags | exploit
advisories | CVE-2021-41157
MD5 | b75da6bd952d1ea694468e6d2bfae3f9
FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below fails to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities.

tags | exploit, spoof, vulnerability
advisories | CVE-2021-37624
MD5 | b4aff248f421f3eeaeead351a288bc49
FreeSWITCH 1.10.6 SIP Flooding Denial Of Service
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a SIP flooding denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2021-41145
MD5 | be03962120b7338fc8ce46976cff9fd7
FreeSWITCH 1.10.6 SIP Digest Leak
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway.

tags | exploit
advisories | CVE-2021-41158
MD5 | c8279f653f09b7e0ae68c5545cf2d9d9
VoIPmonitor 27.6 Buffer Overflow
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function save_packet_sql is defined as a fixed length array of 1024 characters. The description is set to the value of a SIP request or response line. By setting a long request or response line VoIPmonitor will trigger a buffer overflow.

tags | exploit, overflow
MD5 | fa1abfe56427c745d11764938e154f09
VoIPmonitor 27.5 Missing Memory Protections
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

Static binaries provided for VoIPmonitor version2 7.5 are built without any memory corruption protection in place.

tags | exploit
MD5 | 09ac3f424c1b38dd778fb7800b626973
VoIPmonitor WEB GUI 24.55 Cross Site Scripting
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

VoIPmonitor WEB GUI versions 24.53, 24.54, and 24.55 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | ac76c2187f9e21890054c0b65e433b84
Coturn 4.5.1.x Access Control Bypass
Posted Jan 11, 2021
Authored by Sandro Gauci | Site enablesecurity.com

Coturn version 4.5.1.x suffers from a loopback access control bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-26262
MD5 | 253cda007888131792b88ab2a5964ea2
Asterisk 17.6.0 / 17.5.1 Denial Of Service
Posted Nov 6, 2020
Authored by Sandro Gauci | Site enablesecurity.com

Asterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.

tags | exploit, denial of service, tcp
MD5 | 9a5d9ec730691495e303171a44bcc12b
Asterisk Project Security Advisory - AST-2020-001
Posted Nov 6, 2020
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

tags | advisory
MD5 | 517d938072991f01f5558229c6259077
Kamailio 5.4.0 Header Smuggling
Posted Sep 1, 2020
Authored by Sandro Gauci | Site rtcsec.com

Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.

tags | exploit, bypass
MD5 | 105120a096c11895c654ec5a53e7893d
Kamailio 5.1.1 / 5.1.0 / 5.0.0 Heap Overflow
Posted Mar 20, 2018
Authored by Sandro Gauci, Alfred Farrugia

Kamailio versions 5.1.1, 5.1.0, and 5.0.0 suffer from an off-by-one heap overflow vulnerability.

tags | exploit, overflow
MD5 | c25f1f7329d21e066258756d0aab5e41
Asterisk 15.2.0 chan_pjsip INVITE Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5.

tags | exploit, denial of service
advisories | CVE-2018-7286
MD5 | 1a1dfa782be396603fb5a78ae823f41e
Asterisk 15.2.0 chan_pjsip SDP Media Format Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from an SDP message related denial of service vulnerability. Versions affected include 13.10.0, 15.1.3, 15.1.4, 15.1.5, and 15.2.0.

tags | exploit, denial of service
MD5 | e162142628fbfb5ba18a1ab13f113be7
Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 15.2.0 running chan_pjsip suffers from an SDP message related denial of service vulnerability.

tags | exploit, denial of service
MD5 | 873b23fd0ed9845d55e6420887487dec
Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2.

tags | exploit
advisories | CVE-2018-7284
MD5 | 323b863197d2d23bab8781c4b5ccc8cc
Asterisk Project Security Advisory - AST-2018-005
Posted Feb 23, 2018
Authored by Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.

tags | advisory, tcp
advisories | CVE-2018-7286
MD5 | 0733c7c77cd97a87cdc416aef921fea4
Asterisk Project Security Advisory - AST-2018-004
Posted Feb 23, 2018
Authored by Joshua Colp, Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

tags | advisory
advisories | CVE-2018-7284
MD5 | f18e104dffba1574edc8eaf43287eb35
Asterisk Project Security Advisory - AST-2018-003
Posted Feb 23, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
MD5 | 73cf5406ac133164b0fdab2716de6feb
Asterisk Project Security Advisory - AST-2018-002
Posted Feb 21, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
MD5 | 6b23e91da16ff09e58f7e2691ced6883
Asterisk 14.6.1 RTP Bleed
Posted Sep 2, 2017
Authored by Sandro Gauci, Klaus-Peter Junghanns

Asterisk versions 11.4.0 through 14.6.1 suffer from an RTP man-in-the-middle vulnerability.

tags | advisory
advisories | CVE-2017-14099
MD5 | c91e9a9784eb79d8de4896c824e15a8b
Asterisk 14.4.0 Skinny Denial Of Service
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 2a53a018e7760934bc7c0fb189920799
Asterisk 14.4.0 PJSIP 2.6 Denial Of Service
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | f49b5e4d52c26c6e0a76dcc3d9c9f48c
Asterisk 14.4.0 PJSIP 2.6 Heap Overflow
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 with PJSIP version 2.6 suffers from a heap overflow vulnerability in CSEQ header parsing.

tags | exploit, overflow
MD5 | ffae82070b494ad6a86bd977ef721698
Page 1 of 2
Back12Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close