CVSS: 7.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2024 — An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. • https://www.al-enterprise.com/-/media/assets/internet/documents/n-to-s/sa-c0071-ed01.pdf • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 10.0 • EPSS: 23% • CPEs: 3 • EXPL: 4

03 Dec 2016 — Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue,... • https://packetstorm.news/files/id/140026 • CWE-264: Permissions, Privileges, and Access Controls • CWE-287: Improper Authentication •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do... • https://packetstorm.news/files/id/135133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

03 Nov 2015 — Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. A vulnerability has been discovered in the TR069 protocol that can potentially affect all Automatic Configuration Servers (ACS). The issue has been fixed in the... • http://packetstormsecurity.com/files/134191/Alcatel-Lucent-Home-Device-Manager-Spoofing.html • CWE-254: 7PK - Security Features •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

16 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd. • https://packetstorm.news/files/id/132324 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 2

16 Jun 2015 — Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu. CellPipe 7130 router versio... • https://packetstorm.news/files/id/132327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 10 • EXPL: 4

10 Jun 2015 — The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. • https://packetstorm.news/files/id/132235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8 • EPSS: 1% • CPEs: 17 • EXPL: 5

10 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. • https://packetstorm.news/files/id/132236 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Aug 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers... • http://osvdb.org/94810 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Mar 2011 — Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=896 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •