Radu State

5 exploits Active since Mar 2007
CVE-2007-5488 EXPLOITDB perl WORKING POC
Asterisk-Addons < 1.2.7 - SQL Injection via Source/Destination Numbers or SIP URI
Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.
CVE-2007-5583 EXPLOITDB perl WORKING POC
Cisco IP Phone 7940 P0S3-08-7-00 - Denial of Service via SIP INVITE Request-URI
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
CVE-2007-1542 EXPLOITDB perl WORKING POC
Cisco IP Phone 7940 and 7960 - Denial of Service via SIP INVITE Remote-Party-ID Field
Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1590 EXPLOITDB perl WORKING POC
Grandstream BudgeTone 200 - Denial of Service via SIP WWW-Authenticate Header
The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.
CVE-2007-5411 EXPLOITDB text WORKING POC
Linksys SPA941 - Cross-Site Scripting via SIP From Header
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.