WebCalendar 1.2.4 PHP Injection / Local File Inclusion
Posted on 24 April 2012
To: bugtraq@securityfocus.com
From: "Asterisk Security Team" <security@asterisk.org>
Subject: AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
Date: Mon, 23 Apr 2012 13:25:34 -0500

Asterisk Project Security Advisory - AST-2012-006

Product: Asterisk
Summary: Remote Crash Vulnerability in SIP Channel Driver
Nature of Advisory: Remote Crash
Susceptibility: Remote Authenticated Sessions
Severity: Moderate
Exploits Known: No
Reported On: April 16, 2012
Reported By: Thomas Arimont
Posted On: April 23, 2012
Last Updated On: April 23, 2012
Advisory Contact: Matt Jordan < mjordan AT digium DOT com >
CVE Name:

Description: A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of time. For this to occur, the following must t
