CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0CVE-2007-1491
https://notcve.org/view.php?id=CVE-2007-1491
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. Apache Tomcat en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite conexiones de interfaces externas mediante el puerto 8009, que lo expone a ataques de fuentes externas. • http://secunia.com/advisories/24434 http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm http://www.osvdb.org/33346 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1490
https://notcve.org/view.php?id=CVE-2007-1490
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). Páginas web de mantenimiento no especificadas en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite a usuarios remotos autenticados ejecutar comandos de su elección mediante metacaracteres shell en vectores si especificar (también conocido como "inyección de comando shell"). • http://secunia.com/advisories/24434 http://support.avaya.com/elmodocs2/security/ASA-2007-052.htm http://www.osvdb.org/33300 •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2007-1367
https://notcve.org/view.php?id=CVE-2007-1367
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de autenticación de los productos Avaya Communications Manager (CM) S87XX, S8500 y S8300 anteriores al 3.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el campo Login. • http://secunia.com/advisories/24397 http://support.avaya.com/elmodocs2/security/ASA-2007-064.htm http://www.osvdb.org/33297 http://www.securityfocus.com/bid/22866 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-1058
https://notcve.org/view.php?id=CVE-2006-1058
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. BusyBox 1.1.1 no utiliza una "sal" cuando genera contraseñas, lo que facilita a usuarios locales adivinar contraseñas a partir de un fichero de contraseñas robado usando técnicas como tablas "rainbow". • http://bugs.busybox.net/view.php?id=604 http://secunia.com/advisories/19477 http://secunia.com/advisories/25098 http://secunia.com/advisories/25848 http://support.avaya.com/elmodocs2/security/ASA-2007-250.htm http://www.redhat.com/support/errata/RHSA-2007-0244.html http://www.securityfocus.com/bid/17330 https://exchange.xforce.ibmcloud.com/vulnerabilities/25569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9483 https://access.redhat.com/secu • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2006-0718
https://notcve.org/view.php?id=CVE-2006-0718
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://secunia.com/advisories/18836 http://support.avaya.com/elmodocs2/security/ASA-2006-043.htm http://www.kb.cert.org/vuls/id/226364 http://www.securityfocus.com/bid/16613 •