CVE-2011-0345
https://notcve.org/view.php?id=CVE-2011-0345
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
• http://seclists.org/fulldisclosure/2011/Mar/8
• http://secunia.com/advisories/43507
• http://securityreason.com/securityalert/8122
• http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf
• http://www.securityfocus.com/archive/1/516768/100/0/threaded
• http://www.securityfocus.com/bid/46624
• http://www.vupen.com/english/advisories/2011/0548
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65848
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-0344
https://notcve.org/view.php?id=CVE-2011-0344
Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=896
• http://secunia.com/advisories/43588
• http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011001.pdf
• http://www.securityfocus.com/bid/46640
• http://www.vupen.com/english/advisories/2011/0549
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65849
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3281
https://notcve.org/view.php?id=CVE-2010-3281
Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.
• http://secunia.com/advisories/41508
• http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf
• http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf
• http://www.securityfocus.com/archive/1/513865
• http://www.securityfocus.com/archive/1/513866
• http://www.securityfocus.com/bid/43338
• http://www.vupen.com/english/advisories/2010/2460
• https://exchange.xforce.ibmcloud.com/vulnerabilities/61922
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3279
https://notcve.org/view.php?id=CVE-2010-3279
The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.
• http://secunia.com/advisories/41509
• http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf
• http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf
• http://www.securityfocus.com/archive/1/513869
• http://www.securityfocus.com/bid/43340
• http://www.vupen.com/english/advisories/2010/2459
• https://exchange.xforce.ibmcloud.com/vulnerabilities/61921
• CWE-16: Configuration
CVE-2010-3280
https://notcve.org/view.php?id=CVE-2010-3280
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.
• http://secunia.com/advisories/41547
• http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf
• http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf
• http://www.securityfocus.com/archive/1/513869
• http://www.securityfocus.com/bid/43340
• http://www.vupen.com/english/advisories/2010/2459
• https://exchange.xforce.ibmcloud.com/vulnerabilities/61920
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor