251 matches found
CVE-2024-29149
CVE-2024-29149 affects Alcatel-Lucent ALE NOE deskphones (86x8 NOE-R300.1.40.12.4180 and earlier) and ALE SIP deskphones (86x8 SIP-R200.1.01.10.728 and earlier). The issue is a time‑of‑check time‑of‑use vulnerability that permits an authenticated attacker to replace a verified firmware image with...
Alcatel-Lucent ALE NOE 安全漏洞
The Alcatel-Lucent ALE NOE is a desktop phone from Alcatel-Lucent. A security vulnerability exists in Alcatel-Lucent ALE NOE versions 86x8NOE-R300.1.40.07.4140, 86x8SIP-R200.1.01.10.728, which stems from a security issue at check time, which could allow an authenticated attacker to replace the...
CVE-2024-29150
The CVE affects Alcatel-Lucent ALE NOE deskphones (86x8 NOE-R300.1.40.12.4180 and earlier) and SIP deskphones (86x8_SIP-R200.1.01.10.728 and earlier). The root cause is improper privilege management that allows an authenticated attacker to create symbolic links to sensitive files in debugging dat...
Alcatel Lucent Stack Overflow (CVE-2019-3922)
A stack overflow vulnerability exists in Alcatel Lucent. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
CVE-2014-3809
Cross-site scripting XSS vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch PSS 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html...
Cross site scripting
Cross-site scripting XSS vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch PSS 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html...
CVE-2014-3809
Cross-site scripting XSS vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch PSS 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html...
CVE-2014-3809
CVE-2014-3809 describes a reflected cross-site scripting (XSS) vulnerability in the management interface of Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. The root...
Alcatel-Lucent OmniVista 4760 Directory Traversal and Insecure File Upload Vulnerability
LE Alcatel-Lucent Omnivista 4760 is a network management system from ALE France. The product includes features such as alarm notification, OmniPCX configuration, performance analysis and Voice over IP monitoring. A security vulnerability exists in the ALE Alcatel-Lucent OmniVista 4760. An attacke...
Alcatel-Lucent OmniVista 8770 Remote Code Execution Vulnerability
The ALE Alcatel-Lucent Omnivista 8770 is a network management system from ALE France. The product includes features such as alarm notification, OmniPCX configuration, performance analysis, and Voice over IP monitoring. A security vulnerability exists in the ALE Alcatel-Lucent OmniVista 8770 prior...
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...
CVE-2019-20049
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal which helps to bypass authentication with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the construct whereas the...
CVE-2019-20047
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...
Format string
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...
Directory traversal
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal which helps to bypass authentication with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the construct whereas the...
CVE-2019-20047
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...
CVE-2019-20048
CVE-2019-20048 affects Alcatel-Lucent OmniVista 8770 devices prior to 4.1.2. An authenticated remote attacker with elevated privileges in the Web Directory component (port 389) can upload a PHP file, enabling Remote Code Execution as SYSTEM. Public Red Hat, CNVD, and CVE records corroborate the s...
CVE-2019-20049
The CVE-2019-20049 entry affects Alcatel-Lucent OmniVista 4760 devices. A remote, unauthenticated attacker can chain a directory traversal vulnerability (located in the __construct() method) with an insecure file upload (in SetSkinImages()) to achieve Remote Code Execution as SYSTEM. This combine...
CVE-2019-20049
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal which helps to bypass authentication with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the construct whereas the...