24 matches found
Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
No description provided by source. $Id: alcatelomnipcxmastercgiexec.rb 10556 2010-10-05 23:13:04Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...
Alcatel-Lucent OmniPCX Enterprise <= 7.1 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands...
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
Alcatel-Lucent OmniPCX Enterprise is prone to a remote command- execution vulnerability because it fails to adequately sanitize user- supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromi...
Alcatel-Lucent OmniPCX Enterprise RCE Vulnerability
Alcatel-Lucent OmniPCX Enterprise is prone to a remote command- execution vulnerability because it fails to adequately sanitize user- supplied data. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
Stack overflow
Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server CS in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP...
CVE-2011-0344
CVE-2011-0344 concerns multiple stack-based buffer overflows in unspecified CGI programs within the OmniPCX Enterprise CS web interface. The vulnerability arises when parsing certain HTTP headers, enabling a remote attacker to execute arbitrary code with the service’s privileges. Affected: OmniPC...
CVE-2011-0344
Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server CS in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP...
iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability
iDefense Security Advisory 03.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 01, 2011 I. BACKGROUND The Alcatel-Lucent OmniPCX Enterprise Communication Server CS is a communication server platform that provides multimedia call processing for both Alcatel-Lucent and third-party...
Alcatel-Lucent OmniPCX Enterprise - masterCGI Arbitrary Command Execution (Metasploit)
$Id: alcatelomnipcxmastercgiexec.rb 10556 2010-10-05 23:13:04Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary...
OmniPCX Enterprise音频重新路由信息泄漏及拒绝服务漏洞
BUGTRAQ ID: 26494 CVECAN ID: CVE-2007-5361 OmniPCX Enterprise是企业级的集成通讯解决方案。 OmniPCX Enterprise在处理畸形TFTP请求时存在漏洞,远程攻击者可能利用此漏洞导致设备工作不正常。 在引导时,OmniPCX Enterprise服务器的IP...
Design/Logic Flaw
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...
CVE-2007-5361
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...
Alcatel OmniPCX Enterprise VoIP Vulnerability
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: OmniPCX Enterprise Vendor: Alcatel Subject: VoIP Phone Audio Stream Rerouting Vulnerability Risk High Effect Currently exploitable Author: Daniel Stirnimann daniel.stirnimann at csnc dot ch Date: November, 19th 2007 Introduction: ------------...
OmniPCX Enterprise音频重路由信息泄露和拒绝服务漏洞
OmniPCX Enterprise是一款功能强大的语音通信系统。 OmniPCX Enterprise处理特定的TFTP请求存在问题,远程攻击者可以利用漏洞重路由音频流而使信息泄露或进行拒绝服务攻击。 在启动过程中,IP Touch电话使用TFTP协议下载配置信息。 通过发送包含电话的MAC地址Ethernet地址TFTP请求伪造这个初始化下载请求,通信服务器会认为攻击者PC的IP地址是为电话集的正常IP地址而重定向音频信息。 由于信号连接没有断开,因此电话仍旧维持原状,可拨号和接收呼叫。攻击者可利用这问题引导音频到攻击者控制端。导致信息泄露或拒绝服务攻击。 Alcatel OmniP...
PT-2007-4307 · Alcatel · Alcatel Omnipcx Enterprise Communication Server
Name of the Vulnerable Software and Affected Versions: Alcatel OmniPCX Enterprise Communication Server versions R7.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. This is related to the...
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution
Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue...