CVE-2010-3281
https://notcve.org/view.php?id=CVE-2010-3281
Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request. Desbordamiento de pila en el servicio de proxy HTTP en el servidor Alcatel-Lucent OmniVista 4760 anterior a vR5.1.06.03.c_Patch3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del servicio) a través de una solicitud larga. • http://secunia.com/advisories/41508 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf http://www.securityfocus.com/archive/1/513865 http://www.securityfocus.com/archive/1/513866 http://www.securityfocus.com/bid/43338 http://www.vupen.com/english/advisories/2010/2460 https://exchange.xforce.ibmcloud.com/vulnerabilities/61922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3279
https://notcve.org/view.php?id=CVE-2010-3279
The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. La configuración por defecto de la opción CCAgent anterior a v9.0.8.4 en el servidor de administración (también conocido como TSA) de Alcatel-Lucent OmniTouch Contact Center Standard Edition permite el acceso de mantenimiento, el cual permite a atacantes remotos controlar o reconfigurar las operaciones del Contact Center a través de vectores que comprenden TSA_maintenance.exe • http://secunia.com/advisories/41509 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf http://www.securityfocus.com/archive/1/513869 http://www.securityfocus.com/bid/43340 http://www.vupen.com/english/advisories/2010/2459 https://exchange.xforce.ibmcloud.com/vulnerabilities/61921 • CWE-16: Configuration •
CVE-2010-3280
https://notcve.org/view.php?id=CVE-2010-3280
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application. La opción CCAgent v9.0.8.4 y anteriores en el servidor de gestión (también conocido como TSA) en Alcatel-Lucent OmniTouch Contact Center Standard Edition, cuenta con una validación del lado del cliente y de modo no condicional envía la contraseña de root al cliente para usarlo en una sesión autorizada, lo que permite a atacantes remotos monitorizar o reconfigurar las operaciones "Contact Center" a través de una aplicación cliente modificada. • http://secunia.com/advisories/41547 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010001.pdf http://www.nruns.com/_downloads/nruns-SA-2010-001.pdf http://www.securityfocus.com/archive/1/513869 http://www.securityfocus.com/bid/43340 http://www.vupen.com/english/advisories/2010/2459 https://exchange.xforce.ibmcloud.com/vulnerabilities/61920 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4383
https://notcve.org/view.php?id=CVE-2008-4383
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie. Desbordamiento de búfer basado en pila en el servidor web de gestión embebido Agranet-Emweb de Alcatel OmniSwitch dispositivos OS7000, OS6600, OS6800, OS6850, y OS9000 Series con AoS 5.1 versiones anteriores a v5.1.6.463.R02, 5.4 versiones anteriores a v5.4.1.429.R01, 6.1.3 versiones anteriores a v6.1.3.965.R01, 6.1.5 versiones anteriores a v6.1.5.595.R01, y 6.3 versiones anteriores a v6.3.1.966.R01 permite a atacantes remotos ejecutar código de su elección a través de una cookie Session. • http://secunia.com/advisories/31435 http://securityreason.com/securityalert/4347 http://www.layereddefense.com/alcatel12aug.html http://www.securityfocus.com/archive/1/495343/100/0/threaded http://www.securityfocus.com/bid/30652 http://www.securitytracker.com/id?1020657 http://www.vupen.com/english/advisories/2008/2346 http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/44400 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1331 – Alcatel OmniPCX Office 210/061.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2008-1331
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter. El archivo cgi-data/FastJSData.cgi en OmniPCX Office con servicios Internet Access OXO210 versiones anteriores a 210/091.001, OXO600 versiones anteriores a 610/014.001, y otras versiones, permite a los atacantes remotos ejecutar comandos arbitrarios y "obtain OXO resources" por medio de metacaracteres shell en el parámetro id2. • https://www.exploit-db.com/exploits/5662 http://secunia.com/advisories/29798 http://www.securityfocus.com/archive/1/492383/100/0/threaded http://www.securityfocus.com/bid/28758 http://www.securitytracker.com/id?1020082 http://www.vupen.com/english/advisories/2008/1057 http://www1.alcatel-lucent.com/psirt/statements/2008001/OXOrexec.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/41560 • CWE-20: Improper Input Validation •