Lucene search
K

626 matches found

NVD
NVD
added 2009/03/31 5:30 p.m.23 views

CVE-2008-6564

Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks...

7.6CVSS6.7AI score0.02244EPSS
Exploits0References7
Cvelist
Cvelist
added 2009/03/31 5:0 p.m.24 views

CVE-2008-6564

Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks...

6.7AI score0.02244EPSS
Exploits0References7
CVE
CVE
added 2009/03/31 5:0 p.m.44 views

CVE-2008-6564

The CVE-2008-6564 entry describes a vulnerability in the Nortel UNIStim protocol (used in Communication Server 1000 and related products) where predictable sequence numbers enable session hijacking. This could allow remote attackers to hijack sessions by sniffing traffic or brute-forcing sequence...

7.6CVSS6.9AI score0.02244EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2009/01/08 6:30 p.m.18 views

CVE-2008-5872

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol UFTP processing in IP Client Manager IPCM in Nortel Multimedia Communication Server MSC 5100 3.0.13 allow remote attackers to cause a denial of service device outage via a UFTP message that has a negative block size or oth...

7.8CVSS6.9AI score0.01916EPSS
Exploits0References6
Cvelist
Cvelist
added 2009/01/08 6:13 p.m.21 views

CVE-2008-5872

Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol UFTP processing in IP Client Manager IPCM in Nortel Multimedia Communication Server MSC 5100 3.0.13 allow remote attackers to cause a denial of service device outage via a UFTP message that has a negative block size or oth...

6.9AI score0.01916EPSS
Exploits0References6
seebug.org
seebug.org
added 2008/10/15 12:0 a.m.33 views

Nortel Networks多媒体通讯服务器UFTP消息拒绝服务漏洞

BUGTRAQ ID: 31633 Nortel通信服务器是一种基于服务器的全能IP PBX,具有融合网络、高级应用和多种电话功能的优势。 Nortel通信服务器使用UNIStim文件传输协议(UFTP)传输消息,该消息没有正确地处理UFTP消息,如果远程攻击者在消息中包含了特制的Connection Details字段值的话,就可能导致拒绝服务的情况。 Nortel Networks Multimedia Communications Server 5100 3.0.13 Nortel Networks ---------------...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/10/09 12:0 a.m.32 views

Nortel MCS 5100 UFTP多个拒绝服务漏洞

BUGTRAQ ID: 31633 CNCAN ID:CNCAN-2008100911 Nortel MCS 5100是一款多媒体通信服务器。 Nortel MCS 5100使用UNIStim文件传送协议UFTP,UFTP可在可靠的UDP上通过UNIStim控制通道来传送。处理UFTP消息存在缺陷,控制多个连接细节字段Connection Details fields的值可导致多个拒绝服务攻击。 Nortel Networks MCS 5100 3.0.13 Nortel Networks MCS 5100 3.0 MCS 5100 3.5.9已经修正此漏洞:...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/06/28 12:0 a.m.22 views

Nortel通讯服务器命令处理拒绝服务漏洞

Nortel通信服务器是一种基于服务器的全能IP PBX,具有融合网络、高级应用和多种电话功能的优势。 Nortel通信服务器的命令交换机制中存在漏洞,如果远程攻击者发送了超大但有效的命令报文的话,就会导致设备拒绝服务。 Nortel Networks Communications Server 1000 4.50.x Nortel Networks --------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.nortelnetworks.com/index.html...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/04/15 12:0 a.m.18 views

Nortel Networks Communication Server多个安全漏洞

BUGTRAQ ID: 28691 Nortel Networks的Communication Server是基于服务器的IP PBX设备,可提供成熟的网络电话服务。 Nortel Communication Server中存在多个安全漏洞,允许恶意用户绕过某些安全限制、泄露敏感信息、导致拒绝服务或入侵有漏洞的系统。 1 处理UNIStim IT序列号中的错误可能导致伪造UNIStim客户端命令,成功攻击要求能够猜测到正确的序列号。 2 16个硬编码的帐号和口令允许写访问受影响的系统。 3 命令交换机制中的错误可能导致注入任意命令。 Novell Communication Server...

6.9AI score
Exploits0
Prion
Prion
added 2007/11/20 7:46 p.m.12 views

Design/Logic Flaw

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...

8.5CVSS7.1AI score0.02354EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2007/11/20 7:46 p.m.21 views

CVE-2007-5361

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...

8.5CVSS6.6AI score0.02354EPSS
Exploits1References10
securityvulns
securityvulns
added 2007/10/20 12:0 a.m.35 views

Nortel Unistream IP Phone / Softphone / Communication Server multiple security vulnerabilities

Buffer overflow, eavesdroping. multiple DoS conditions...

2.4AI score
Exploits0References5Affected Software11
exploitpack
exploitpack
added 2007/09/17 12:0 a.m.24 views

Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)

Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

0.3AI score0.97759EPSS
Exploits8
seebug.org
seebug.org
added 2007/06/22 12:0 a.m.50 views

Ingress数据库服务器多个堆溢出漏洞

Ingres是很多CA产品默认所使用的数据库后端。 CA产品所捆绑Ingres数据库服务器在处理请求数据时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 Ingres数据库服务器的通讯服务器(iigcc.exe)和数据访问服务器(iigcd.exe)组件没有正确验证用户所提供数据的长度便将数据拷贝到了固定大小的堆缓冲区。如果远程攻击者在10916(iigcc)或10923(iigcd)端口上建立的TCP会话的话,就可以向数据库服务器发送畸形请求触发漏洞,导致执行任意指令。 Computer Associates eTrust Secure Content Manager r8...

7.1AI score
Exploits0
NVD
NVD
added 2005/11/29 10:3 p.m.10 views

CVE-2005-3900

Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service instability or crash, as demonstrated using an alpha release build of Flash Player 8.5 build 133...

7.8CVSS6.6AI score0.01695EPSS
Exploits0References7
NVD
NVD
added 2005/11/29 10:3 p.m.16 views

CVE-2005-3901

Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service instability or crash, as demonstrated using an alpha release build of Flash Player 8.5 build 133...

7.8CVSS6.7AI score0.01491EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/11/29 10:0 p.m.21 views

CVE-2005-3901

Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service instability or crash, as demonstrated using an alpha release build of Flash Player 8.5 build 133...

6.7AI score0.01491EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/11/29 10:0 p.m.16 views

CVE-2005-3900

Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service instability or crash, as demonstrated using an alpha release build of Flash Player 8.5 build 133...

6.6AI score0.01695EPSS
Exploits0References7
CVE
CVE
added 2005/11/29 10:0 p.m.46 views

CVE-2005-3901

CVE-2005-3901 affects Macromedia Flash Communication Server MX 1.0 and 1.5, where certain RTMP data is not properly validated, enabling a denial of service (instability or crash). The vulnerability is demonstrated using an alpha release build of Flash Player 8.5 (build 133). The connected documen...

7.8CVSS7AI score0.01491EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2005/11/29 10:0 p.m.36 views

CVE-2005-3900

CVE-2005-3900 affects Macromedia Breeze Communication Server and Breeze Live Server (version 5.1 and earlier). The vulnerability arises from insufficient validation of certain RTMP data, which can cause a denial of service (instability or crash). The NVD description notes this was demonstrated wi...

7.8CVSS7AI score0.01695EPSS
Exploits0References7
Rows per page
Query Builder