304 matches found
CVE-2007-5361
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...
CVE-2007-5361
The CVE-2007-5361 issue affects Alcatel-Lucent OmniPCX Enterprise (7.1 and earlier). The Communication Server caches a phone IP during a TFTP request from an IP Touch device and then uses that IP as the destination for all subsequent VoIP packets to that phone. This enables remote attackers to ca...
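OmniPCX Enterprise Audio Rerouting Information Disclosure and Denial-of-Service Vulnerability
OmniPCX Enterprise is a powerful voice communication system. OmniPCX Enterprise has a flaw in how it handles specific TFTP requests; remote attackers can exploit the vulnerability to reroute audio streams, resulting in information disclosure or a denial-of-service attack. During startup, IP Touch phones use the TFTP protocol to download configuration information. By spoofing this initial download request with a TFTP request that contains the phone's MAC (Ethernet) address, the Communication Server takes the IP address of the attacker's PC to be the legitimate IP address of the phone set and redirects the audio to it. Because the signaling connection is not torn down, the phone stays in its normal state and can still place and receive calls. An attacker can exploit this issue to direct audio to an attacker-controlled endpoint, resulting in information disclosure or a denial-of-service attack. Alcatel OmniP...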
Alcatel OmniPCX Enterprise VoIP Vulnerability
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: OmniPCX Enterprise Vendor: Alcatel Subject: VoIP Phone Audio Stream Rerouting Vulnerability Risk High Effect Currently exploitable Author: Daniel Stirnimann daniel.stirnimann at csnc dot ch Date: November, 19th 2007 Introduction: ------------...
S21SEC-038-en.txt
S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26128/info OmniVista 4760 is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these...
Alcatel-Lucent OmniPCX Remote Command Execution
Advisory: Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPCX integrated communication solution web interface is vulnerable to a remote command...
Alcatel-Lucent OmniPCX code execution
Code execution in Web interface...
rt-sa-2007-001.txt
Advisory: Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPCX integrated communication solution web interface is vulnerable to a remote command...
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue...
Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd'...
RUS-CERT 2007-06:01 (1380): Insecure Defaults in A-L OmniPCX 7.0
Dear all, for your information. ------------------------------------------------------------------------ RUS-CERT Security Announcement 2007-06:01 1380 ================================================ The built-in Mini Switch in Alcatel-Lucent's IP-Touch Telephones under OmniPCX Enterprise 7.0 an...
Alcatel-Lucent OmniPCX 7.0 VLAN information leak
Broadcast and multicast packets cross VLAN boundaries...
CVE-2007-2512
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems...
Design/Logic Flaw
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems...
CVE-2007-2512
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems...
CVE-2007-2512
CVE-2007-2512 affects Alcatel-Lucent OmniPCX Enterprise Release 7.0 and later, where the built‑in mini switch on IP-Touch phones is enabled by default. This allows unauthenticated access to the voice VLAN through a daisy‑chained computer system, effectively bypassing 802.1x in some scenarios and ...