Vulnerabilities (CVE)

Vendor filter

Alcatel-lucent Subscribe

Filter

27 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-1331 1 Alcatel-lucent 1 Omnipcx 2019-08-14 10.0
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell...
CVE-2008-4383 2 Alcatel, Alcatel-lucent 2 Aos, Omniswitch 2018-11-02 10.0
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before...
CVE-2007-3010 1 Alcatel-lucent 1 Omnipcx 2018-10-16 10.0
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
CVE-2007-2512 1 Alcatel-lucent 1 Omnipcx 2018-10-16 7.5
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
CVE-2007-0932 2 Aruba, Alcatel-lucent 2 Omniaccess Wireless, Mobility Controller 2018-10-16 7.5
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access...
CVE-2007-0931 2 Aruba, Alcatel-lucent 2 Omniaccess Wireless, Mobility Controller 2018-10-16 7.5
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and...
CVE-2007-5361 1 Alcatel-lucent 1 Omnipcx 2018-10-15 8.5
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which...
CVE-2007-5190 1 Alcatel-lucent 1 Omnivista 2018-10-15 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the...
CVE-2011-0345 1 Alcatel-lucent 1 Omnivista 2018-10-10 3.3
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
CVE-2015-2805 1 Alcatel-lucent 1 Omniswitch Firmware 2018-10-09 6.8
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02,...
CVE-2015-2804 1 Alcatel-lucent 1 Omniswitch Firmware 2018-10-09 4.3
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack...
CVE-2003-1108 1 Alcatel-lucent 1 Omnipcx 2017-10-11 5.0
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS...
CVE-2016-9796 1 Alcatel-lucent 1 Omnivista 8770 Network Management System 2017-09-03 10.0
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and...
CVE-2013-4653 1 Alcatel-lucent 4 Omnitouch 8460 Advanced Communication Server, Omnitouch 8670 Automated Delivery Message Delivery System, Omnitouch 8400 Instant Communications Suite and 1 more 2017-08-29 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch...
CVE-2015-6498 1 Alcatel-lucent 1 Home Device Manager 2017-08-25 5.0
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
CVE-2011-0344 1 Alcatel-lucent 1 Omnipcx 2017-08-17 5.8
Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote...
CVE-2010-3281 1 Alcatel-lucent 1 Omnivista 4760 Server 2017-08-17 5.4
Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.
CVE-2010-3280 1 Alcatel-lucent 2 Ccagent, Omnitouch Contact Center 2017-08-17 6.9
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the...
CVE-2010-3279 1 Alcatel-lucent 2 Ccagent, Omnitouch Contact Center 2017-08-17 7.6
The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or...
CVE-2002-1691 1 Alcatel-lucent 1 Omnipcx 2017-07-11 10.0
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.