Condorlab

Asterisk – Vulnerability in res_http_websocket.c

Advisory IDRSN-SIP-1629 Vulnerability Information An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a bus...

Asterisk – Vulnerability

Advisory IDRSN-SIP-1628 Vulnerability Information A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SD...

Zenitel – Vulnerability in Norway IP-StationWeb

Advisory IDRSN-SIP-1627 Vulnerability Information Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The ...

FreePBX – Vulnerability in FreePBX core

Advisory IDRSN-SIP-1621 Vulnerability Information An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands...