MADYNES

10 exploits Active since Mar 2007
CVE-2007-1561 EXPLOITDB perl WORKING POC
Asterisk < 1.2.17 and 1.4.x < 1.4.2 - Denial of Service via SIP INVITE with Malformed SDP
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
CVE-2007-4459 EXPLOITDB perl WORKING POC
Cisco IP Phone 7940 and 7960 < 8.70 - Denial of Service via Malformed SIP Messages
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
CVE-2007-5583 EXPLOITDB perl WORKING POC
Cisco IP Phone 7940 P0S3-08-7-00 - Denial of Service via SIP INVITE Request-URI
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
CVE-2007-1542 EXPLOITDB perl WORKING POC
Cisco IP Phone 7940 and 7960 - Denial of Service via SIP INVITE Remote-Party-ID Field
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1590 EXPLOITDB perl WORKING POC
Grandstream BudgeTone 200 - Denial of Service via SIP WWW-Authenticate Header
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
CVE-2007-4459 EXPLOITDB perl WORKING POC
Cisco IP Phone 7940 and 7960 < 8.70 - Denial of Service via Malformed SIP Messages
Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
CVE-2007-2270 EXPLOITDB perl WORKING POC
Linksys SPA941 - Denial of Service via SIP INVITE From Header
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
CVE-2007-2270 EXPLOITDB perl WORKING POC
Linksys SPA941 - Denial of Service via SIP INVITE From Header
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
CVE-2007-4553 EXPLOITDB perl WORKING POC
Thomson ST 2030 SIP Phone 1.52.1 - Denial of Service via Malformed Via Header
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
CVE-2007-4498 EXPLOITDB perl WORKING POC
Grandstream SIP Phone GXV-3000 <1.0.1.7 - SSRF
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.