CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0CVE-2008-6141
https://notcve.org/view.php?id=CVE-2008-6141
Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data. Vulnerabilidad no especificada en Avaya IP Softphone v6.0 SP4 y v6.01.85 permite a atacantes remotos provocar una denegación de servicio (caída) al utilizar una gran cantidad de datos H.323. • http://secunia.com/advisories/32206 http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm http://www.securityfocus.com/bid/31635 http://www.voipshield.com/research-details.php?id=125 http://www.vupen.com/english/advisories/2008/2775 https://exchange.xforce.ibmcloud.com/vulnerabilities/45745 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-6140
https://notcve.org/view.php?id=CVE-2008-6140
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors. Vulnerabilidad no especificada en el protocolo de inicio de sesión (SIP) implementado en Avaya one-X Desktop Edition v2.1.0.78 permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores no especificados. • http://secunia.com/advisories/32205 http://support.avaya.com/elmodocs2/security/ASA-2008-370.htm http://www.securityfocus.com/bid/31636 http://www.voipshield.com/research-details.php?id=124 https://exchange.xforce.ibmcloud.com/vulnerabilities/45748 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-5882
https://notcve.org/view.php?id=CVE-2008-5882
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. Vulnerabilidad de inyección SQL en login.asp en Citrix Application Gateway - Broadcast Server (BCS) versiones anteriores a v6.1, como el utilizado por Avaya AG250 - Broadcast Server versiones anteriores a v2.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "txtUID". • http://secunia.com/advisories/33127 http://securityreason.com/securityalert/4889 http://support.citrix.com/article/CTX119315 http://www.securityfocus.com/archive/1/499559/100/0/threaded http://www.securityfocus.com/bid/32832 http://www.securitytracker.com/id?1021411 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2008-5710
https://notcve.org/view.php?id=CVE-2008-5710
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1.x, 4.0.3 y 5.x permite a atacantes remotos leer (1) archivos de configuración, (2) archivos de log, (3) archivos binarios de imagen y (4) archivos de ayuda mediante vectores desconocidos. • http://secunia.com/advisories/32035 http://support.avaya.com/elmodocs2/security/ASA-2008-394.htm http://www.securityfocus.com/bid/31639 http://www.voipshield.com/research-details.php?id=123 http://www.vupen.com/english/advisories/2008/2774 https://exchange.xforce.ibmcloud.com/vulnerabilities/45750 • CWE-16: Configuration •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2008-5709
https://notcve.org/view.php?id=CVE-2008-5709
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar código de su elección mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History. • http://secunia.com/advisories/32204 http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm http://www.securityfocus.com/bid/31645 http://www.voipshield.com/research-details.php?id=121 http://www.voipshield.com/research-details.php?id=122 http://www.vupen.com/english/advisories/2008/2772 https://exchange.xforce.ibmcloud.com/vulnerabilities/45747 https://exchange.xforce.ibmcloud.com/vulnerabilities/45749 • CWE-20: Improper Input Validation •