2 results (0.010 seconds)

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable. Vulnerabilidad de salto de directorio en el servidor NMS en Alcatel-Lucent OmniVista 4760 R5.1.06.03 y anteriores, permite a atacantes remotos leer ficheros locales de su elección al utilizar secuencias transversales en peticiones HTTP GET, relacionado con la variable lang. • http://seclists.org/fulldisclosure/2011/Mar/8 http://secunia.com/advisories/43507 http://securityreason.com/securityalert/8122 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf http://www.securityfocus.com/archive/1/516768/100/0/threaded http://www.securityfocus.com/bid/46624 http://www.vupen.com/english/advisories/2011/0548 https://exchange.xforce.ibmcloud.com/vulnerabilities/65848 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Alcatel OmniVista 4760 R4.2 y versiones anteriores permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante (1) el parámetro action en php-bin/Webclient.php ó (2) el parámetro Langue en el URI por defecto. • https://www.exploit-db.com/exploits/30691 http://osvdb.org/37997 http://secunia.com/advisories/27294 http://securityreason.com/securityalert/3280 http://www.s21sec.com/avisos/s21sec-038-en.txt http://www.securityfocus.com/archive/1/482507/100/0/threaded http://www.securityfocus.com/bid/26128 http://www.vupen.com/english/advisories/2007/3541 http://www1.alcatel-lucent.com/psirt/statements/2007003/4760xss.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •