CVE-2017-12969 – Avaya IP Office (IPO) < 10.1 - ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-12969
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an ActiveX buffer overflow vulnerability.
• https://www.exploit-db.com/exploits/43120
• http://downloads.avaya.com/css/P8/documents/101044091
• http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt
• http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html
• http://seclists.org/fulldisclosure/2017/Nov/17
• http://www.securityfocus.com/bid/101667
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A NULL pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a denial of service. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS.
• http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
• http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
• http://rhn.redhat.com/errata/RHSA-2016-2779.html
• http://www.securityfocus.com/bid/94349
• http://www.ubuntu.com/usn/USN-3163-1
• https://bto.bluecoat.com/security-advisory/sa137
• https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
• https://security.gentoo.org/glsa
• CWE-476: NULL Pointer Dereference
CVE-2012-3811 – Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-3811
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files are not stripped of their file extensions, and the directory they are uploaded to has no scripting restrictions.
• https://www.exploit-db.com/exploits/21847
• http://zerodayinitiative.com/advisories/ZDI-12-106
• https://downloads.avaya.com/css/P8/documents/100164021
CVE-2005-0506 – Avaya IP Office Phone Manager - Local Password Disclosure
https://notcve.org/view.php?id=CVE-2005-0506
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic.
• https://www.exploit-db.com/exploits/839
• http://marc.info/?l=bugtraq&m=110909733831694&w=2
• http://marc.info/?l=bugtraq&m=110910486128709&w=2
• http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf