CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2008-6706
https://notcve.org/view.php?id=CVE-2008-6706
10 Apr 2009 — Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords." Múltiples vulnerab... • http://osvdb.org/46602 •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 0CVE-2008-6707
https://notcve.org/view.php?id=CVE-2008-6707
10 Apr 2009 — The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that... • http://osvdb.org/46598 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2008-6708
https://notcve.org/view.php?id=CVE-2008-6708
10 Apr 2009 — Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters." Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x y v4.x, permite a... • http://osvdb.org/46604 •
CVSS: 9.0EPSS: 1%CPEs: 13EXPL: 0CVE-2008-6709
https://notcve.org/view.php?id=CVE-2008-6709
10 Apr 2009 — Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters." Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x, permite a usuarios re... • http://secunia.com/advisories/30751 •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 0CVE-2008-6710
https://notcve.org/view.php?id=CVE-2008-6710
10 Apr 2009 — Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials." Vulnerabilidad no especificada en el interfase de administración web de Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores a v4.0.3 SP1 permite a administradores remotos autentificados... • http://secunia.com/advisories/30799 •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 0CVE-2008-6711
https://notcve.org/view.php?id=CVE-2008-6711
10 Apr 2009 — Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs." Vulnerabilidad no especificada en el interfase de administración Web en Avaya Communication Manager v3.1.x anteriores a CM v3.1.4 SP2 y v4.0.x anteriores v4.0.3 SP1 permiten a usuarios remotos autentificados, ejecutar comandos de su elección a trav... • http://secunia.com/advisories/30799 •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2008-6573
https://notcve.org/view.php?id=CVE-2008-6573
01 Apr 2009 — Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP ser... • http://osvdb.org/44284 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2008-6574
https://notcve.org/view.php?id=CVE-2008-6574
01 Apr 2009 — Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials. Vulnerabilidad no especificada en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a atacantes remotos conseguir privilegios y provocar una denegación de servicio a través de vectores desconocidos relacionados con reutilizar credenciales válida... • http://osvdb.org/44288 •
CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2008-6575
https://notcve.org/view.php?id=CVE-2008-6575
01 Apr 2009 — Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors. Vulnerabilidad no especificada en el servidor SIP en SIP Enablement Services (SES) en Avaya Communication Manager 3.1.x y 4.x permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de recursos) a través de vectores desconocidos. • http://osvdb.org/44287 •
CVSS: 9.0EPSS: 5%CPEs: 12EXPL: 0CVE-2008-5709
https://notcve.org/view.php?id=CVE-2008-5709
24 Dec 2008 — Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components. Múltiples vulnerabilidades sin especificar en la interfaz de gestión web en Avaya Communication Manager (CM) 3.1 antes de 3.1.4 SP2, 4.0 antes de 4.0.3 SP1 y 5.0 antes de 5.0 SP3 permite a u... • http://secunia.com/advisories/32204 • CWE-20: Improper Input Validation •