251 matches found
rt-sa-2007-001.txt
Advisory: Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPXC integrated communication solution web interface is vulnerable to a remote command...
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue...
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd'...
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...
Alcatel-Lucent OmniPCX 7.0 VLAN information leak
Broadcast and multicast packets cross VLAN boundaries...
RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0
Dear all, for your information. ------------------------------------------------------------------------ RUS-CERT Security Announcement 2007-06:01 1380 ================================================ The built-in Mini Switch in Alcatel-Lucent's IP-Touch Telephones under OmniPCX Enterprise 7.0 an...
CVE-2007-2512
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems...
Design/Logic Flaw
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems...
CVE-2007-2512
CVE-2007-2512 affects Alcatel-Lucent OmniPCX Enterprise Release 7.0 and later, where the built‑in mini switch on IP-Touch phones is enabled by default. This allows unauthenticated access to the voice VLAN through a daisy‑chained computer system, effectively bypassing 802.1x in some scenarios and ...
CVE-2007-2512
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems...
Design/Logic Flaw
Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification CNID, aka Caller ID...
CVE-2007-1822
Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification CNID, aka Caller ID...
CVE-2007-1822
Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification CNID, aka Caller ID...
CVE-2007-1822
Alcatel-Lucent Lucent Technologies voice mail systems are affected by CVE-2007-1822. The vulnerability arises from spoofing the Calling Number Identification (CNID) used for access authentication, allowing remote attackers to retrieve or remove messages or reconfigure mailboxes. The connected doc...
Integer overflow
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by 1 modifying the iseve function to gain privileges and 2 making the devpermcheck function...
CVE-2007-1189
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by 1 modifying the iseve function to gain privileges and 2 making the devpermcheck function...
CVE-2007-1189
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by 1 modifying the iseve function to gain privileges and 2 making the devpermcheck function...
CVE-2007-1189
CVE-2007-1189 : Concrete details show an integer overflow in the Plan 9 kernel’s envwrite function (Alcatel-Lucent Bell Labs Plan 9) that can be triggered by a large n argument. This vulnerability allows local users to overwrite kernel memory, with demonstrated effects including privilege escalat...