CVE-2014-3809 – 1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-3809
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. Swisscom CSIRT discovered a security flaw in the management interface of the Alcatel-Lucent 1830 Photonic Service Switch series that allows for cross-site scripting attacks. Versions 6.0 and below are affected.
• https://www.securityfocus.com/archive/1/534124
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1750 – Nokia Maps & Places < 1.6.7 - Open Redirect
https://notcve.org/view.php?id=CVE-2014-1750
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate.
• http://seclists.org/oss-sec/2014/q1/173
• http://seclists.org/oss-sec/2014/q1/181
• http://www.securityfocus.com/bid/65226
• https://plugins.trac.wordpress.org/browser/nokia-mapsplaces/trunk/nokia-mapsplaces.php?rev=841883
• https://plugins.trac.wordpress.org/browser/nokia-mapsplaces/trunk/nokia-mapsplaces.php?rev=842384
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2012-2442 – Nokia PC Suite Video Manager 7.1.180.64 - '.mp4' Denial of Service
https://notcve.org/view.php?id=CVE-2012-2442
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
• https://www.exploit-db.com/exploits/18795
• http://osvdb.org/81498
• http://packetstormsecurity.org/files/112295/Nokia-CP-Suite-Video-Manager-7.1.180.64-Denial-Of-Service.html
• http://www.exploit-db.com/exploits/18795
• http://www.securityfocus.com/bid/53290
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75235
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1472
https://notcve.org/view.php?id=CVE-2011-1472
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
• http://secunia.com/advisories/43827
• http://www.cert.fi/en/reports/2011/vulnerability410355.html
• http://www.securityfocus.com/bid/47022
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66322
• CWE-287: Improper Authentication
CVE-2011-0498 – Nokia MultiMedia Player 1.0 - Local Overflow (SEH Unicode)
https://notcve.org/view.php?id=CVE-2011-0498
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.
• https://www.exploit-db.com/exploits/15975
• http://osvdb.org/70416
• http://secunia.com/advisories/42852
• http://www.exploit-db.com/exploits/15975
• http://www.vupen.com/english/advisories/2011/0083
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer