ZwelL

9 exploits Active since May 2005
CVE-2006-0189 EXPLOITDB c WORKING POC
eStara Softphone 3.0.1.14-3.0.1.46 - Remote Code Execution via Long SDP Attribute Field
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.
CVE-2005-0063 EXPLOITDB c++ WORKING POC
Microsoft Windows 2000, XP, and Server 2003 - Remote Code Execution via CLSID Modification
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
CVE-2007-4366 EXPLOITDB c WORKING POC
WengoPhone 2.1 - Denial of Service via SIP INVITE Message Without Content-Type Header
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
EIP-2026-116571 EXPLOITDB c WORKING POC
Wireshark < 0.99.6 - Mms Remote Denial of Service
CVE-2007-4382 EXPLOITDB c WORKING POC
CounterPath X-Lite 3.0 34025 - Denial of Service via SIP INVITE Message
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
CVE-2006-0359 EXPLOITDB c WORKING POC
CounterPath eyeBeam SIP Softphone - Denial of Service via Long SIP INVITE Header Field
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
CVE-2006-0359 EXPLOITDB c WORKING POC
CounterPath eyeBeam SIP Softphone - Denial of Service via Long SIP INVITE Header Field
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
CVE-2006-0738 EXPLOITDB text WORKING POC
eStara Softphone < 3.0.1.47 - Denial of Service via SIP INVITE SDP Format String Specifiers
Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).
CVE-2006-0737 EXPLOITDB text WORKING POC
estara softphone < 3.0.1.47 - Denial of Service via SIP OPTIONS Request with Negative Expires Field
eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field.