CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2008-5710
https://notcve.org/view.php?id=CVE-2008-5710
24 Dec 2008 — Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors. Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1.x, 4.0.3 y 5.x permite a atacantes remotos leer (1) archivos de configuración, (2) archivos de log, (3) archivos binarios de imagen y (4)... • http://secunia.com/advisories/32035 • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3777
https://notcve.org/view.php?id=CVE-2008-3777
25 Aug 2008 — The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs. SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, escribe los nombres y contraseñas de cuenta en los... • http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3778
https://notcve.org/view.php?id=CVE-2008-3778
25 Aug 2008 — The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. El interfaz remoto de gestión en SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300... • http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1490
https://notcve.org/view.php?id=CVE-2007-1490
16 Mar 2007 — Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). Páginas web de mantenimiento no especificadas en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite a usuarios remotos autenticados ejecutar comandos de su elección mediante metacaracteres shell en vectores si especificar (también conocido ... • http://secunia.com/advisories/24434 •