Yealink VoIP Phones suffer from CRLF injection and cross site scripting vulnerabilities. This affects firmware version 28.72.0.2 and hardware version 28.2.0.128.0.0.0.
5877e5e599e1ec8f3252efb057e48af4340a62c662c79b06e1baef4de7a15174
Ops View versions prior to 4.4.41 suffer from a remote blind SQL injection vulnerability.
92acf8e21feac8586d79811c350e5a6dedf7fd0f2d984f37157264df9d4b6078
Ops View versions prior to 4.4.41 suffer from multiple cross site scripting vulnerabilities.
f03cc918c29800f4fb81785310e92c629c35a77aaa048713a3b86f607b6c1b59
Adtran Netvanta 7100 with firmware prior to R10.5.3.HA suffers from bypass, injection, and cross site scripting vulnerabilities.
de57cf95a25a199d03c85cba970136084ba737d94ce33a865bda94b7d07f6e41
Ransack is a post exploitation shell script for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, SSH keys, SSL keys, or any other information deemed valuable.
aa3c9a1ec450a0d4938e11d530ee62851d77207f5fd3de404050516ca2d51b5a
Phorensix is a post-login VoIP forensics tool created for Asterisk (tested on Asterisk 1.4.5 to be exact). Phorensix takes a look at a rogue host connecting to a vulnerable account. Who is connecting? Where are they coming from? What are they doing to my PBX? What are they doing ON MY PBX?
c1c3095c55f2ee325938757792b91d6a8739f648eb60657a6fc3e8c534058355
Microsoft Internet Explorer version 7.0.5730.11 is susceptible to a denial of service condition via a malicious script tag.
32587f15bbb42c74cfa9fc2813a6618500bf3892730f92d4f3161e81ef007b14
Sharpener is an SSH brute force blocking tool for Linux and the BSDs (Open/Net/Free). It runs in cron, parses out the brute force attempts against your server, and automatically blocks those hosts from connecting. The script will also send an email containing the attacker's address to an account.
0f0f3d5796706797226b090e68269f4841ad31cd4e8d7f8814fefb9374304dd7
Securing LAMP - A whitepaper that discusses a methodology to configure, test, and run a Secure LAMP environment.
0a73c4ff31794a44f95f44d0961f1120c44546bc0cf54caca727cf680291cce0
A vulnerability exists in the SIP channel driver (channels/chan_sip.c) in all versions of Asterisk prior to 1.2.13. Local and remote attackers are able to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
a0b69f47536e73b285c774a48e73b782b7e994f357ef89aaf93b8cc152f27fde
Asteroid is a SIP Denial of Service testing tool. It consists of over 36,000 unique SIP packets and can be quickly modified to create others. Packets are grouped into their respective types (INVITES, BYE, CANCEL, etc.) and can be sent individually or called from a shell script and sent in clusters. Asteroid has effectively crashed all versions of Asterisk up until 1.2.13; versions 1.2.13 and greater were patched against the sequence which caused the crash.
5869a4e08a370e2d07a88385b15e2b22923f638f5bd2d85e4e36f4bcae2197d4
Asterisk Open Source PBX versions prior to 1.2.13 are vulnerable to local and remote denial of service attacks via a sequence of malformed packets.
2b0be2f77b87a8b5e9ce286060248fb1dbf05ea28f09a44a6813660999d9e6f6
Plague is an odd proof of concept backdoor tool based on the premise of using existing system files and commands to keep and maintain a backdoor on Linux systems. It uses awk and sed to make malicious commands seem innocuous.
6e5511d6e1d98fbe28a389f584a60200782738f61d0f946455bb06699e5de469
Modified version of the Achilles Windows Attack Tool that Microsoft claims does not demonstrate a denial of service vulnerability.
564614ac339c305d4dbfa6c62e1cd6f17eebc97d75ee17486b08afe3aedaa552