4 results (0.004 seconds)

CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 3

Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." Alcatel-Lucent OmniVista 8770 2.0 hasta la versión 3.0 expone diferentes interfaces ORBs, las cuales se pueden consultar usando el protocolo GIOP en el TCP puerto 30024. Un atacante puede eludir la autenticación, y OmniVista recurre a métodos (AddJobSet, AddJob y ExecuteNow) que pueden ser usados para ejecutar comandos arbitrarios en el servidor, con el privilegio de NT AUTHORITY\SYSTEM en el servidor. • https://www.exploit-db.com/exploits/40862 http://blog.malerisch.net/2016/12/alcatel-omnivista-8770-unauth-rce-giop-corba.html http://www.securityfocus.com/bid/94649 https://github.com/malerisch/omnivista-8770-unauth-rce https://www.youtube.com/watch?v=aq37lQKa9sk • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable. Vulnerabilidad de salto de directorio en el servidor NMS en Alcatel-Lucent OmniVista 4760 R5.1.06.03 y anteriores, permite a atacantes remotos leer ficheros locales de su elección al utilizar secuencias transversales en peticiones HTTP GET, relacionado con la variable lang. • http://seclists.org/fulldisclosure/2011/Mar/8 http://secunia.com/advisories/43507 http://securityreason.com/securityalert/8122 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf http://www.securityfocus.com/archive/1/516768/100/0/threaded http://www.securityfocus.com/bid/46624 http://www.vupen.com/english/advisories/2011/0548 https://exchange.xforce.ibmcloud.com/vulnerabilities/65848 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 7%CPEs: 5EXPL: 0

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request. Desbordamiento de pila en el servicio de proxy HTTP en el servidor Alcatel-Lucent OmniVista 4760 anterior a vR5.1.06.03.c_Patch3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del servicio) a través de una solicitud larga. • http://secunia.com/advisories/41508 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf http://www.securityfocus.com/archive/1/513865 http://www.securityfocus.com/archive/1/513866 http://www.securityfocus.com/bid/43338 http://www.vupen.com/english/advisories/2010/2460 https://exchange.xforce.ibmcloud.com/vulnerabilities/61922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Alcatel OmniVista 4760 R4.2 y versiones anteriores permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante (1) el parámetro action en php-bin/Webclient.php ó (2) el parámetro Langue en el URI por defecto. • https://www.exploit-db.com/exploits/30691 http://osvdb.org/37997 http://secunia.com/advisories/27294 http://securityreason.com/securityalert/3280 http://www.s21sec.com/avisos/s21sec-038-en.txt http://www.securityfocus.com/archive/1/482507/100/0/threaded http://www.securityfocus.com/bid/26128 http://www.vupen.com/english/advisories/2007/3541 http://www1.alcatel-lucent.com/psirt/statements/2007003/4760xss.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •