Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.

http://www.securiteam.com/unixfocus/6F0020KKKO.html