304 matches found

NVD
added 2015/06/23 2:59 p.m. | 8 views

CVE-2015-4586

Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an adduser action in a request to password.cmd...

CVSS 6.8 | AI score 7.2 | EPSS 0.00118
Exploits 2 | References 2
Prion
added 2015/06/23 2:59 p.m. | 11 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an adduser action in a request to password.cmd...

CVSS 6.8 | AI score 7.7 | EPSS 0.00118
Exploits 2 | References 2 | Affected Software 1
CVE
added 2015/06/23 2:0 p.m. | 41 views

CVE-2015-4586

The CVE-2015-4586 entry concerns the Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL router with firmware 1.0.0.20h.HOL. A Cross-Site Request Forgery (CSRF) vulnerability in the device’s web interface can allow an attacker to hijack administrator authentication and perform actions such as creating ...

CVSS 6.8 | AI score 7.4 | EPSS 0.00118
Exploits 2 | References 2 | Affected Software 1
Cvelist
added 2015/06/23 2:0 p.m. | 15 views

CVE-2015-4586

Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an adduser action in a request to password.cmd...

AI score 7.2 | EPSS 0.00118
Exploits 2 | References 2
CNVD
added 2015/06/23 12:0 a.m. | 3 views

Alcatel-Lucent CellPipe 7130 Router Cross-Site Scripting Vulnerability

The Alcatel-Lucent CellPipe 7130 Router is a router product from Alcatel-Lucent, France. A cross-site scripting vulnerability exists in the Alcatel-Lucent CellPipe 7130 Router. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the 'Custom application' fie...

CVSS 4.3 | AI score 6 | EPSS 0.00225
Exploits 2 | References 1
NVD
added 2015/06/18 6:59 p.m. | 10 views

CVE-2015-4587

Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu...

CVSS 4.3 | AI score 5.8 | EPSS 0.00225
Exploits 2 | References 2
Prion
added 2015/06/18 6:59 p.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu...

CVSS 4.3 | AI score 6.2 | EPSS 0.00225
Exploits 2 | References 2 | Affected Software 1
CVE
added 2015/06/18 6:0 p.m. | 34 views

CVE-2015-4587

CVE-2015-4587 – A stored XSS in the Alcatel-Lucent CellPipe 7130 Router Web UI is triggered via the On-the-fly input in the "Custom application" field within the "port triggering" menu. Affected firmware: 1.0.0.20h.HOL. The root cause is unsanitized user input interpreted as HTML/JavaScript in th...

CVSS 4.3 | AI score 5.9 | EPSS 0.00225
Exploits 2 | References 2 | Affected Software 1
CNVD
added 2015/06/17 12:0 a.m. | 4 views

Multiple Alcatel-Lucent OmniSwitch Products Session Hijacking Vulnerability

The Alcatel-Lucent OmniSwitch 6450 is a switch product developed by Alcatel-Lucent of France. Several Alcatel-Lucent OmniSwitch products generate weak session identifiers in the web management interface, allowing remote attackers to hijack sessions via brute force attacks...

CVSS 4.3 | AI score 7 | EPSS 0.00544
Exploits 3 | References 1
NVD
added 2015/06/16 4:59 p.m. | 9 views

CVE-2015-2805

Cross-site request forgery (CSRF) vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...

CVSS 6.8 | AI score 7 | EPSS 0.01115
Exploits 5 | References 7
Prion
added 2015/06/16 4:59 p.m. | 10 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...

CVSS 6.8 | AI score 7.6 | EPSS 0.01115
Exploits 5 | References 7 | Affected Software 1
Prion
added 2015/06/16 4:59 p.m. | 18 views

Design/Logic Flaw

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...

CVSS 4.3 | AI score 7.4 | EPSS 0.00544
Exploits 3 | References 5 | Affected Software 1
NVD
added 2015/06/16 4:59 p.m. | 12 views

CVE-2015-2804

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...

CVSS 4.3 | AI score 6.8 | EPSS 0.00544
Exploits 3 | References 5
Cvelist
added 2015/06/16 4:0 p.m. | 17 views

CVE-2015-2804

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...

AI score 6.8 | EPSS 0.00544
Exploits 3 | References 5
Cvelist
added 2015/06/16 4:0 p.m. | 15 views

CVE-2015-2805

Cross-site request forgery (CSRF) vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...

AI score 7 | EPSS 0.01115
Exploits 5 | References 7
CVE
added 2015/06/16 4:0 p.m. | 55 views

CVE-2015-2805

The CVE-2015-2805 issue affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, 6860) across multiple AOS firmware versions (6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, 8.1.1.R01). The vulnerability is a Cross-site request forger...

CVSS 6.8 | AI score 7.2 | EPSS 0.01115
Exploits 5 | References 7 | Affected Software 1
CVE
added 2015/06/16 4:0 p.m. | 45 views

CVE-2015-2804

CVE-2015-2804 affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855) with AOS firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02. The vulnerability is weak session identifier generation in the management web interface, enabling remote session hijacking via brut...

CVSS 4.3 | AI score 7 | EPSS 0.00544
Exploits 3 | References 5 | Affected Software 1
securityvulns
added 2015/06/14 12:0 a.m. | 32 views

Alcatel-Lucent OmniSwitch security vulnerabilities

Cross-site scripting, session hijack...

AI score 1.1
Exploits 0 | References 2
securityvulns
added 2015/06/14 12:0 a.m. | 47 views

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID. During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...

CVSS 4.3 | AI score 6.3 | EPSS 0.00544
Exploits 3
securityvulns
added 2015/06/14 12:0 a.m. | 38 views

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery. During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...

CVSS 6.8 | AI score 6.2 | EPSS 0.01115
Exploits 5