CVE-2010-0685
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2010-0685
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Digium Asterisk design功能模块${EXTEN}变量和通配符模式漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Asterisk是一种开放源代码的通信平台。 Asterisk开源design功能模块中变量和通配符模式漏洞,当使用${EXTEN}变量和通配符模式匹配,允许关联攻击者使用匹配字符注入代码进入dialplan,注入变量扩大,同样证明使用Dial功能处理一个自制的SIP INVITE消息加入一个无效路径。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2010-0685
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2010-0685
请登录查看更多情报信息。
- http://downloads.digium.com/pub/security/AST-2010-002.htmlx_refsource_CONFIRM
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.htmlvendor-advisoryx_refsource_FEDORA
- https://nvd.nist.gov/vuln/detail/CVE-2010-0685
Same Patch Batch · n/a · 2010-02-23 · 22 CVEs total
| CVE-2010-0700 | WampServer 'index.php' 跨站脚本攻击漏洞 | |
| CVE-2010-0696 | Joomlaworks Joomla! Jw_allVideos插件目录遍历漏洞 | |
| CVE-2010-0695 | BASIC-CMS 'pages/index.php' 跨站脚本攻击漏洞 | |
| CVE-2010-0694 | Percha 'com_perchagallery'组件SQL注入漏洞 | |
| CVE-2010-0693 | CommodityRentals Trade Manager Script 'products.php' SQL注入漏洞 | |
| CVE-2010-0692 | Iptechinside Jquarks组件 SQL 注入漏洞 | |
| CVE-2010-0691 | Jtl-Software JTL-Shop 2 'druckansicht.php' SQL注入漏洞 | |
| CVE-2010-0690 | CommodityRentals Video Games Rentals 'index.php'SQL注入漏洞 | |
| CVE-2010-0703 | PortWise SSL VPN 'wa/auth' 跨站脚本攻击漏洞 | |
| CVE-2010-0702 | Fonality trixbox 'PhoneDirectory.php' SQL注入漏洞 | |
| CVE-2010-0701 | Newgen Software OmniDocs 'ForceChangePassword.jsp' SQL 注入漏洞 | |
| CVE-2009-3036 | Symantec IM Manager控制台跨站脚本攻击漏洞 | |
| CVE-2010-0699 | VideoSearchScript Pro 'index.php' 跨站脚本攻击漏洞 | |
| CVE-2010-0698 | Dynamicsoft WSC CMS 'backoffice/login.asp'SQL注入漏洞 | |
| CVE-2010-0697 | Drupal iTweak Upload 模块跨站脚本攻击漏洞 | |
| CVE-2010-0682 | WordPress Trashed Posts 信息泄露漏洞 | |
| CVE-2010-0189 | Nos_Microsystems getPlus下载管理器域验证任意文件下载漏洞 | |
| CVE-2010-0148 | Cisco Security Agent 未明远程拒绝服务漏洞 | |
| CVE-2010-0147 | Cisco Security Agents Management Center SQL 注入漏洞 | |
| CVE-2010-0146 | Cisco Security Agent Management Center 目录遍历漏洞 |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2010-0685
No comments yet