CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2008-6706
https://notcve.org/view.php?id=CVE-2008-6706
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords." Múltiples vulnerabilidades no especificadas en el interfase de gestión web en Avaya SIP Enablement Services (SES) v3.x y v4.0, como los usados en Avaya Communicatión Manager v3.1.x, permite a atacantes remotos conseguir (1)configuración de la aplicación del servidor, (2) configuración del servidor de bases de datos, incluidas claves cifradas, (3) utilidad del sistema que desencripta "claves de tablas de suscriptor", (4) utilidad del sistema que desencripta las claves de la base de datos, y (5) una utilidad del sistema que encripta "claves de tablas de suscriptor". • http://osvdb.org/46602 http://secunia.com/advisories/30751 http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm http://www.securityfocus.com/bid/29939 http://www.voipshield.com/research-details.php?id=81 http://www.voipshield.com/research-details.php?id=82 http://www.voipshield.com/research-details.php?id=83 http://www.voipshield.com/research-details.php?id=84 http://www.voipshield.com/research-details.php? •
CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2008-6575
https://notcve.org/view.php?id=CVE-2008-6575
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. Vulnerabilidad no especificada en el servidor SIP en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de recursos) a través de vectores desconocidos. • http://osvdb.org/44287 http://secunia.com/advisories/29744 http://www.voipshield.com/research-details.php?id=23 https://exchange.xforce.ibmcloud.com/vulnerabilities/41734 https://exchange.xforce.ibmcloud.com/vulnerabilities/49849 •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2008-6573
https://notcve.org/view.php?id=CVE-2008-6573
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. Múltiples vulnerabilidades de inyección SQL en Avaya SIP Enablement Services (SES) en Avaya Avaya Communication Manager 3.x, 4.0, y 5.0 (1) permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados relacionados con perfiles en el SIP Personal Information Manager (SPIM) en la interfaz web; y permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través de vectores no especificados relacionados a (2) permisos para perfiles SPIM en la interfaz web y (3) una petición SIP manipulada en el servidor SIP. • http://osvdb.org/44284 http://osvdb.org/44285 http://osvdb.org/44286 http://secunia.com/advisories/29744 http://support.avaya.com/elmodocs2/security/ASA-2008-150.htm http://support.avaya.com/elmodocs2/security/ASA-2008-151.htm http://www.securityfocus.com/bid/28682 http://www.voipshield.com/research-details.php?id=22 http://www.voipshield.com/research-details.php?id=25 http://www.voipshield.com/research-details.php?id=26 https://exchange.xforce.ibmcloud.com/vulnerabili • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2008-6574
https://notcve.org/view.php?id=CVE-2008-6574
Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. Vulnerabilidad no especificada en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a atacantes remotos conseguir privilegios y provocar una denegación de servicio a través de vectores desconocidos relacionados con reutilizar credenciales válidas. • http://osvdb.org/44288 http://secunia.com/advisories/29744 http://www.securityfocus.com/bid/28687 http://www.voipshield.com/research-details.php?id=24 https://exchange.xforce.ibmcloud.com/vulnerabilities/41734 •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2008-5709
https://notcve.org/view.php?id=CVE-2008-5709
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a usuarios remotamente autentificados ejecutar código de su elección mediante vectores de ataque desconocidos en los componentes (1) Set Static Routes y (2) Backup History. • http://secunia.com/advisories/32204 http://support.avaya.com/elmodocs2/security/ASA-2008-391.htm http://www.securityfocus.com/bid/31645 http://www.voipshield.com/research-details.php?id=121 http://www.voipshield.com/research-details.php?id=122 http://www.vupen.com/english/advisories/2008/2772 https://exchange.xforce.ibmcloud.com/vulnerabilities/45747 https://exchange.xforce.ibmcloud.com/vulnerabilities/45749 • CWE-20: Improper Input Validation •