- EPSS 5.52%
- Veröffentlicht 16.11.2005 07:42:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
- EPSS 0.35%
- Veröffentlicht 05.07.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.
CVE-2003-0779
- EPSS 0.03%
- Veröffentlicht 22.09.2003 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
CVE-2003-0761
- EPSS 0.13%
- Veröffentlicht 17.09.2003 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO req...