Vulnerabilities > Digium > Asterisk > 0.1.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-12 | CVE-2007-5358 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. | 6.8 |
2006-10-23 | CVE-2006-5444 | Remote Buffer Overflow vulnerability in Asterisk Chan_Skinny Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | 7.5 |
2006-04-18 | CVE-2006-1827 | Integer Overflow vulnerability in Asterisk JPEG File Handling Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. | 6.4 |
2005-11-16 | CVE-2005-3559 | Unspecified vulnerability in Digium Asterisk Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. | 5.0 |
2003-09-22 | CVE-2003-0779 | Unspecified vulnerability in Digium Asterisk SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string. | 7.5 |