EnableSecurity

10 exploits Active since May 2009
CVE-2018-8828 WRITEUP CRITICAL WRITEUP
Kamailio <4.4.7, 5.0.x <5.0.6, 5.1.x <5.1.2 - Buffer Overflow
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.
CVSS 9.8
CVE-2023-49786 WRITEUP HIGH WRITEUP
Digium Asterisk < 18.20.1 - Race Condition
Asterisk is an open source private branch exchange and telephony toolkit. Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6.
CVSS 7.5
CVE-2025-53399 WRITEUP MEDIUM WRITEUP
Sipwise rtpengine <13.4.1.1 - Command Injection
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled.
CVE-2009-1593 EXPLOITDB text WRITEUP
Armorlogic Profense Web Application Firewall < 2.2.21 - XSS
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, does not properly implement the "negative model," which allows remote attackers to conduct cross-site scripting (XSS) attacks via a modified end tag of a SCRIPT element.
EIP-2026-104169 EXPLOITDB text WRITEUP
Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting
CVE-2018-7286 EXPLOITDB MEDIUM python WORKING POC
Asterisk <15.2.1 - DoS
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.
CVSS 6.5
EIP-2026-102623 EXPLOITDB python WORKING POC
Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow
CVE-2018-7284 EXPLOITDB HIGH python WORKING POC
Digium Asterisk < 13.19.1 - Memory Corruption
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.
CVSS 7.5
EIP-2026-102562 EXPLOITDB python WORKING POC
Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service
EIP-2026-102561 EXPLOITDB python WORKING POC
Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service