
CVE-2011-0345
https://notcve.org/view.php?id=CVE-2011-0345
08 Mar 2011 — Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable. • http://seclists.org/fulldisclosure/2011/Mar/8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2010-3279
https://notcve.org/view.php?id=CVE-2010-3279
23 Sep 2010 — The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. • http://secunia.com/advisories/41509 • CWE-16: Configuration •

CVE-2010-3280
https://notcve.org/view.php?id=CVE-2010-3280
23 Sep 2010 — The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application. • http://secunia.com/advisories/41547 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2010-3281
https://notcve.org/view.php?id=CVE-2010-3281
23 Sep 2010 — Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request. • http://secunia.com/advisories/41508 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-4383
https://notcve.org/view.php?id=CVE-2008-4383
03 Oct 2008 — Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. • http://secunia.com/advisories/31435 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-1331 – Alcatel OmniPCX Office 210/061.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-1331
02 Apr 2008 — cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter. • https://www.exploit-db.com/exploits/5662 • CWE-20: Improper Input Validation •

CVE-2007-5361
https://notcve.org/view.php?id=CVE-2007-5361
20 Nov 2007 — The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename. • http://osvdb.org/40522 •

CVE-2007-5190 – Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-5190
22 Oct 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. • https://www.exploit-db.com/exploits/30691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2007-2512
https://notcve.org/view.php?id=CVE-2007-2512
07 Jun 2007 — Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. • http://cert.uni-stuttgart.de/advisories/al-ip-touch-vlan-filtering.php •

CVE-2007-1822
https://notcve.org/view.php?id=CVE-2007-1822
02 Apr 2007 — Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). • http://osvdb.org/34985 •