Digium: >> Asterisk Security Vulnerabilities
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.
CVSS Score
5.0
EPSS Score
0.055
Published
2005-11-16
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-07-05
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
CVSS Score
7.5
EPSS Score
0.0
Published
2003-09-22
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2003-09-17
Page 12