1.2.5

DATE	CVE	VULNERABILITY TITLE	RISK
2007-11-30	CVE-2007-6170	SQL Injection vulnerability in multiple products SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. network low complexity digium debian CWE-89	6.5
2007-10-12	CVE-2007-5358	Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. network digium CWE-119	6.8
2006-04-18	CVE-2006-1827	Integer Overflow vulnerability in Asterisk JPEG File Handling Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. network low complexity digium	6.4