Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digium asterisk 1.0.7 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2006-2898
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x prior to 1.2.9 and 1.0.x prior to 1.0.11 allows remote malicious users to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buff...
Digium Asterisk 1.2.0 Beta1
Digium Asterisk 1.2.0 Beta2
Digium Asterisk 1.0.10
Digium Asterisk 1.0.7
Digium Asterisk 1.2.8
Digium Asterisk 1.2.6
Digium Asterisk 1.2.7
Digium Asterisk 1.0.8
Digium Asterisk 1.0.9
668
VMScore
CVE-2006-4345
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 up to and including 1.2.10 allows remote malicious users to execute arbitrary code via a crafted audit endpoint (AUEP) response.
Digium Asterisk 1.0.5
Digium Asterisk 1.0.6
Digium Asterisk 1.2.0 Beta2
Digium Asterisk 1.2.10
Digium Asterisk 1.0.10
Digium Asterisk 1.0.2
Digium Asterisk 1.0.9
Digium Asterisk 1.0 Rc1
Digium Asterisk 1.2.8
Digium Asterisk 1.0.0
Digium Asterisk 1.0.1
Digium Asterisk 1.0.7
Digium Asterisk 1.0.8
Digium Asterisk 1.2.6
Digium Asterisk 1.2.7
Digium Asterisk 1.2.9
Digium Asterisk 1.0.3
Digium Asterisk 1.0.4
Digium Asterisk 1.0 Rc2
Digium Asterisk 1.2.0 Beta1
755
VMScore
CVE-2006-5444
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x prior to 1.0.12 and 1.2.x prior to 1.2.13, as used by Cisco SCCP phones, allows remote malicious users to execute arbitrary code via a certain dlen value that passes a signed...
Digium Asterisk 0.4
Digium Asterisk 0.7
Digium Asterisk 1.0.8
Digium Asterisk 1.0.9
Digium Asterisk 1.2.9
Digium Asterisk 1.2 Beta1
Digium Asterisk 0.2
Digium Asterisk 0.3
Digium Asterisk 1.0.11
Digium Asterisk 1.0.7
Digium Asterisk 1.2.7
Digium Asterisk 1.2.8
Digium Asterisk 0.1.7
Digium Asterisk 0.1.8
Digium Asterisk 0.7.1
Digium Asterisk 0.7.2
Digium Asterisk 1.2.10
Digium Asterisk 1.2.11
Digium Asterisk 1.2 Beta2
Digium Asterisk 0.1.9
Digium Asterisk 0.1.9.1
Digium Asterisk 0.9
1 EDB exploit
505
VMScore
CVE-2005-3559
Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 up to and including 1.2.0-beta1 allows remote malicious users to access WAV files via a .. (dot dot) in the folder parameter.
Digium Asterisk 0.1.1
Digium Asterisk 0.1.10
Digium Asterisk 0.1.11
Digium Asterisk 0.1.7
Digium Asterisk 0.1.8
Digium Asterisk 0.7.1
Digium Asterisk 0.7.2
Digium Asterisk 1.0.6
Digium Asterisk 1.0.7
Digium Asterisk 1.0.8
Digium Asterisk 0.1.0
Digium Asterisk 0.1.5
Digium Asterisk 0.1.6
Digium Asterisk 0.5.0
Digium Asterisk 0.7.0
Digium Asterisk 1.0.4
Digium Asterisk 1.0.5
Digium Asterisk 0.1.12
Digium Asterisk 0.1.2
Digium Asterisk 0.1.9
Digium Asterisk 0.2.0
Digium Asterisk 1.0.0
1 EDB exploit
445
VMScore
CVE-2005-2081
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote malicious users to execute arbitrary code via a command that has two double quotes followed by a tab character.
Digium Asterisk 1.0.7
570
VMScore
CVE-2006-1827
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and previous versions allows remote malicious users to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.
Digium Asterisk 0.1.10
Digium Asterisk 0.1.11
Digium Asterisk 0.1.12
Digium Asterisk 0.1.8
Digium Asterisk 0.1.9
Digium Asterisk 0.4.0
Digium Asterisk 0.5.0
Digium Asterisk 1.0.3
Digium Asterisk 1.0.4
Digium Asterisk 1.0.5
Digium Asterisk 1.2.0 Beta1
Digium Asterisk
Digium Asterisk 0.1.0
Digium Asterisk 0.1.1
Digium Asterisk 0.1.6
Digium Asterisk 0.1.7
Digium Asterisk 0.3.0
Digium Asterisk 0.4
Digium Asterisk 1.0.1
Digium Asterisk 1.0.2
Digium Asterisk 1.0 Rc1
Digium Asterisk 1.0 Rc2
785
VMScore
CVE-2007-1306
Asterisk 1.4 prior to 1.4.1 and 1.2 prior to 1.2.16 allows remote malicious users to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
Digium Asterisk 1.2.12.1
Digium Asterisk 1.2.13
Digium Asterisk 1.2 Beta1
Digium Asterisk 1.2 Beta2
Digium Asterisk 1.2.11
Digium Asterisk 1.2.12
Digium Asterisk 1.2.8
Digium Asterisk 1.2.9
Digium Asterisk 1.2.0 Beta1
Digium Asterisk 1.2.14
Digium Asterisk 1.2.15
Digium Asterisk 1.4.0
Digium Asterisk 1.4.0 Beta1
Digium Asterisk 1.4.0 Beta2
Digium Asterisk 1.2.0 Beta2
Digium Asterisk 1.2.10
Digium Asterisk 1.2.6
Digium Asterisk 1.2.7
1 EDB exploit
578
VMScore
CVE-2007-6170
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x prior to 1.4.15, 1.2.x prior to 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (...
Digium Asterisk
Digium Asterisk C.1.0
Debian Debian Linux 3.1
Debian Debian Linux 4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started