Asterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.
f873e04bcb0eecc9597ab97c172b350143d8b4bc7a90a33fabc8192c71a4c519Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.
26735dd3956e23cd86d3bfd7f09cf45b7e07e2f91f84b5f91c48da4e3976b767Asterisk version 14.4.0 with PJSIP version 2.6 suffers from a heap overflow vulnerability in CSEQ header parsing.
96d2411683190b99bf76dad788720f5b886c567643bf4124f892badaecf39a31Asterisk Project Security Advisory - A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with chan_skinny enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet does not detect that the call to read() returned end-of-file before the expected number of bytes and continues infinitely. The partial data message logging in that tight loop causes Asterisk to exhaust all available memory.
8d5f47cf0e67ce5864a2b2a4177e62f386b1d90a8d45c93551e617023efa518cAsterisk Project Security Advisory - The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.
dffc64dd4e5928c9a21df82604d70762c92068e2145f6bc7293d2eb080f35bbcAsterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.
60ef218a0c056d6aec0776e903fa217b0958d9a103decc2e014f49f5d98412d9Liferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks. Liferay versions 6.2.3 CE GA4 and earlier are affected.
4af9bc5284a2717eed36c719d395c99e7caa71650223cbe9e5ba3e327bfa0e63Cisco CUCM environment and the IP Phone CP-7975G suffer from a directory traversal, have a reversible obfuscation algorithm, security issues related to SCCP, CTFTP, and Voice VLAN separation. Versions 7.0 and 8.0(2) are affected.
17aa1f350cac49473ed6962ed0fc3ece5a0474aa8fa99f6df2c4f4751b652bc7SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
1e25862cc9e81979e0d66e5fb298c8cfd17279e7dd683b1dd841dcf1dbc29cc8Applicure dotDefender version 4.0 suffers from a cross site scripting vulnerability.
fefe2bf6cf86f61cea6eacfb51cf2668b0a3a88f1daf4ee354942b14753dbcd3SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
925c5e20334b59f8b4dfa8b74af93cca91bb177f7927dc064b5c0b0eea42524bsurfjack is a tool that allows you to hijack HTTP connection to steal cookies.
65a1c73679412a460412df6144fbf8de78ac5c5048437c0211b5eee605f5abbdWhitepaper from 2002 that has been updated regarding the abuse of non-HTTP protocols to launch cross site scripting attacks.
8afda6a71fc82e75746054b311cdece0c4c6f3bf4d75964f8cec22dd09f4c8b7SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
7a884728d0b0449539ae468744f04de9386aceef921b10b79cfdbcac2701d9ffSIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
44b8f1330394d7ee5c5a5ce92f71f1909241c1b2caa71c754c83930bc18bd737SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
b4ce7d3390a65075e49977aa14755b3028fc45bc726cd7eaafb4a1d36f7bc67fSIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
a8491392edc35e99527bf80f43cfd8cc88e44cdfee6d97c95421c9bd5999b6b2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed