3 results (0.006 seconds)

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0

Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data. Vulnerabilidad no especificada en Avaya IP Softphone v6.0 SP4 y v6.01.85 permite a atacantes remotos provocar una denegación de servicio (caída) al utilizar una gran cantidad de datos H.323. • http://secunia.com/advisories/32206 http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm http://www.securityfocus.com/bid/31635 http://www.voipshield.com/research-details.php?id=125 http://www.vupen.com/english/advisories/2008/2775 https://exchange.xforce.ibmcloud.com/vulnerabilities/45745 • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0

Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en controles ActiveX en objetos COM de Avaya IP Softphone R5.2 anterior a SP3, y R6.0, permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. • http://osvdb.org/38258 http://support.avaya.com/elmodocs2/security/ASA-2007-314.htm http://www.securityfocus.com/bid/25707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 1

The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. • https://www.exploit-db.com/exploits/839 http://marc.info/?l=bugtraq&m=110909733831694&w=2 http://marc.info/?l=bugtraq&m=110910486128709&w=2 http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf •