RSS   Vulnerabilities for 'Asterisk-addons'   RSS

2008-06-05
 
CVE-2008-2543

CWE-399
 

 
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.

 
2007-10-17
 
CVE-2007-5488

CWE-89
 

 
Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

 

 >>> Vendor: Asterisk 15 Products
Asterisk
Asterisk appliance developer kit
Asterisknow
S800i appliance
S800i
Asterisk-addons
Zaptel
Asterisk business edition
Open source
P b x
Opensource
Appliance s800i
Business edition
Certified asterisk
Digiumphones


Copyright 2017, cxsecurity.com