ZwelL

9 exploits Active since May 2005
CVE-2006-0189 EXPLOITDB c WORKING POC
Estara Softphone - Buffer Overflow
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.
CVE-2005-0063 EXPLOITDB c++ WORKING POC
Microsoft Windows <2000-2003 - RCE
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
CVE-2007-4366 EXPLOITDB c WORKING POC
WengoPhone 2.1 - DoS
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
EIP-2026-116571 EXPLOITDB c WORKING POC
Wireshark < 0.99.6 - Mms Remote Denial of Service
CVE-2007-4382 EXPLOITDB c WORKING POC
CounterPath X-Lite <3.0 - DoS
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
CVE-2006-0359 EXPLOITDB c WORKING POC
Counterpath Eyebeam Sip Softphone - Memory Corruption
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
CVE-2006-0359 EXPLOITDB c WORKING POC
Counterpath Eyebeam Sip Softphone - Memory Corruption
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
CVE-2006-0738 EXPLOITDB text WORKING POC
Estara Softphone < 3.0.1.47 - Denial of Service
Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).
CVE-2006-0737 EXPLOITDB text WORKING POC
Estara Softphone < 3.0.1.47 - Denial of Service
eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field.