304 matches found
CVE-2010-3280
The CVE-2010-3280 issue affects Alcatel-Lucent OmniTouch Contact Center Standard Edition, specifically the CCAgent option in the TSA/management server. The root cause is client-side authorization checking that results in the SuperUser password being sent to the client, enabling an attacker with a...
CVE-2010-3279
Affected product: Alcatel-Lucent OmniTouch Contact Center Standard Edition, CCAgent option (TSA management server). Root cause: default configuration and flawed authentication allow unauthenticated access to TSA_maintenance.exe, enabling remote monitoring or reconfiguration of Contact Center oper...
CVE-2010-3281
Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.cPatch3 allows remote attackers to execute arbitrary code or cause a denial of service service crash via a long request...
CVE-2010-3281
CVE-2010-3281 describes a stack-based buffer overflow in the HTTP proxy of the Alcatel-Lucent OmniVista 4760 server. The vulnerability is triggered by a long HTTP GET request to the built-in proxy, allowing remote attackers to potentially execute arbitrary code or cause a denial of service. Affec...
CVE-2010-3280
The CCAgent option 9.0.8.4 and earlier in the management server aka TSA component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which...
KLA10055 ACE & DoS vulnerability in OmniVista 4760
A buffer overflow vulnerability was found in OmniVista. By exploiting this vulnerability malicious users can cause denial of service or execute arbitrary code. This vulnerability can be exploited from the network via a specially designed request. Original advisories Alcatel bulletin Related...
n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.002 20-September-2010 Vendor: Alcatel Affected Products: OmniVista 4760 server: all versions prior to release R5.1.06.03.cPatch3. Vulnerability: arbitrary code execution Risk: High CVE-Number: CVE-2010-3281 Vendor communication:...
n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.001 20-September-2010 Vendor: Alcatel Affected Products: Versions before 9.0.8.4 of the CCAgent option of OmniTouch Contact Center Standard Edition Vulnerability: unauthenticated administrative access to CTI CCA Server Risk: High...
BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
Overview A vulnerability exists in the BIND 9 DNSSEC validation code that could be used by an attacker to generate fake NXDOMAIN responses. Description BIND 9 contains a vulnerability in DNSSEC validation code. According to ISC: There was an error in the DNSSEC NSEC/NSEC3 validation code that cou...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary...
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Universal Remote Buffer Overflow
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Universal Remote Buffer Overflow !/usr/bin/perl ProSysInfo TFTP server TFTPDWIN Greets fly to InTeL. WARNING: Author has no responsibility over the damage you do using this! use IO::Socket; use warnings; use strict; if!$ARGV0 print "x ProSysInfo TFTP server...
ProSysInfo TFTP Server TFTPDWIN 0.4.2 Overflow
!/usr/bin/perl ProSysInfo TFTP server TFTPDWIN Greets fly to InTeL. WARNING: Author has no responsibility over the damage you do using this! use IO::Socket; use warnings; use strict; if!$ARGV0 print "x ProSysInfo TFTP server TFTPDWIN = 0.4.2\n"; print " Universal Remote Buffer Overflow Exploi...
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Universal Remote Buffer Overflow
!/usr/bin/perl ProSysInfo TFTP server TFTPDWIN Greets fly to InTeL. WARNING: Author has no responsibility over the damage you do using this! use IO::Socket; use warnings; use strict; if!$ARGV0 print "x ProSysInfo TFTP server TFTPDWIN = 0.4.2\n"; print " Universal Remote Buffer Overflow...
Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow
================================================== Layered Defense Research Advisory 12 August 2008 ================================================== 1 Affected Product Alcatel-Lucent OmniSwitch products OS7000 OS6600 OS6800 OS6850 OS9000 ================================================== 2...
Alcatel OmniPCX Office 210/061.1 Remote Command Execution Vuln
Exploit for cgi platform in category web applications ============================================================== Alcatel OmniPCX Office 210/061.1 Remote Command Execution Vuln ============================================================== Digital Security Research Group DSecRG Advisory...
OmniPCX Office远程信息泄露漏洞
BUGTRAQ ID: 28758 CVECAN ID: CVE-2008-1331 阿尔卡特的OmniPCX Office是一套为中小型企业设计的统一通信解决方案。 OmniPCX Office的Internet Access服务所使用的一个CGI脚本没有正确地过滤某些特定参数,允许远程攻击者从Internet检索敏感信息。 Alcatel-Lucent OmniPCX Office = 210/061.1 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 禁止从Internet的WBM/WCA访问 对于R2.1到R4.1版本:...
OmniPCX Enterprise音频重新路由信息泄漏及拒绝服务漏洞
BUGTRAQ ID: 26494 CVECAN ID: CVE-2007-5361 OmniPCX Enterprise是企业级的集成通讯解决方案。 OmniPCX Enterprise在处理畸形TFTP请求时存在漏洞,远程攻击者可能利用此漏洞导致设备工作不正常。 在引导时,OmniPCX Enterprise服务器的IP...
Design/Logic Flaw
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...
CVE-2007-5361
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...