Lucene search
K

24 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2022/04/15 12:0 a.m.58 views

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands...

10CVSS7.7AI score0.97759EPSS
In wildExploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.72 views

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

No description provided by source. $Id: alcatelomnipcxmastercgiexec.rb 10556 2010-10-05 23:13:04Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Alcatel-Lucent OmniPCX Enterprise <= 7.1 Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2012/04/26 12:0 a.m.27 views

Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability

Alcatel-Lucent OmniPCX Enterprise is prone to a remote command- execution vulnerability because it fails to adequately sanitize user- supplied data. Attackers can exploit this issue to execute arbitrary commands with the privileges of the 'httpd' user. Successful attacks may facilitate a compromi...

10CVSS0.9AI score0.97759EPSS
Exploits8References4
OpenVAS
OpenVAS
added 2012/04/26 12:0 a.m.28 views

Alcatel-Lucent OmniPCX Enterprise RCE Vulnerability

Alcatel-Lucent OmniPCX Enterprise is prone to a remote command- execution vulnerability because it fails to adequately sanitize user- supplied data. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

10CVSS9.4AI score0.97759EPSS
Exploits8References6
Prion
Prion
added 2011/03/08 9:59 p.m.14 views

Stack overflow

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server CS in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP...

5.8CVSS8.4AI score0.02318EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2011/03/08 9:0 p.m.58 views

CVE-2011-0344

CVE-2011-0344 concerns multiple stack-based buffer overflows in unspecified CGI programs within the OmniPCX Enterprise CS web interface. The vulnerability arises when parsing certain HTTP headers, enabling a remote attacker to execute arbitrary code with the service’s privileges. Affected: OmniPC...

5.8CVSS8.1AI score0.02318EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2011/03/08 9:0 p.m.23 views

CVE-2011-0344

Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server CS in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP...

7.9AI score0.02318EPSS
Exploits0References6
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.87 views

iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability

iDefense Security Advisory 03.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 01, 2011 I. BACKGROUND The Alcatel-Lucent OmniPCX Enterprise Communication Server CS is a communication server platform that provides multimedia call processing for both Alcatel-Lucent and third-party...

5.8CVSS0.8AI score0.02318EPSS
Exploits0
Exploit DB
Exploit DB
added 2010/10/05 12:0 a.m.72 views

Alcatel-Lucent OmniPCX Enterprise - masterCGI Arbitrary Command Execution (Metasploit)

$Id: alcatelomnipcxmastercgiexec.rb 10556 2010-10-05 23:13:04Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10CVSS7AI score0.97759EPSS
Exploits8
Packet Storm
Packet Storm
added 2009/10/27 12:0 a.m.46 views

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...

10CVSS1.1AI score0.97759EPSS
Exploits8
Metasploit
Metasploit
added 2009/09/01 3:43 a.m.84 views

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary...

9.8CVSS0.9AI score0.97759EPSS
Exploits8
seebug.org
seebug.org
added 2007/11/21 12:0 a.m.26 views

OmniPCX Enterprise音频重新路由信息泄漏及拒绝服务漏洞

BUGTRAQ ID: 26494 CVECAN ID: CVE-2007-5361 OmniPCX Enterprise是企业级的集成通讯解决方案。 OmniPCX Enterprise在处理畸形TFTP请求时存在漏洞,远程攻击者可能利用此漏洞导致设备工作不正常。 在引导时,OmniPCX Enterprise服务器的IP...

8.5CVSS6.5AI score0.02354EPSS
Exploits1
Prion
Prion
added 2007/11/20 7:46 p.m.12 views

Design/Logic Flaw

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...

8.5CVSS7.1AI score0.02354EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2007/11/20 7:46 p.m.21 views

CVE-2007-5361

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service lo...

8.5CVSS6.6AI score0.02354EPSS
Exploits1References10
securityvulns
securityvulns
added 2007/11/20 12:0 a.m.61 views

Alcatel OmniPCX Enterprise VoIP Vulnerability

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: OmniPCX Enterprise Vendor: Alcatel Subject: VoIP Phone Audio Stream Rerouting Vulnerability Risk High Effect Currently exploitable Author: Daniel Stirnimann daniel.stirnimann at csnc dot ch Date: November, 19th 2007 Introduction: ------------...

Exploits0
seebug.org
seebug.org
added 2007/11/20 12:0 a.m.23 views

OmniPCX Enterprise音频重路由信息泄露和拒绝服务漏洞

OmniPCX Enterprise是一款功能强大的语音通信系统。 OmniPCX Enterprise处理特定的TFTP请求存在问题,远程攻击者可以利用漏洞重路由音频流而使信息泄露或进行拒绝服务攻击。 在启动过程中,IP Touch电话使用TFTP协议下载配置信息。 通过发送包含电话的MAC地址Ethernet地址TFTP请求伪造这个初始化下载请求,通信服务器会认为攻击者PC的IP地址是为电话集的正常IP地址而重定向音频信息。 由于信号连接没有断开,因此电话仍旧维持原状,可拨号和接收呼叫。攻击者可利用这问题引导音频到攻击者控制端。导致信息泄露或拒绝服务攻击。 Alcatel OmniP...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2007/09/18 12:0 a.m.6 views

PT-2007-4307 · Alcatel · Alcatel Omnipcx Enterprise Communication Server

Name of the Vulnerable Software and Affected Versions: Alcatel OmniPCX Enterprise Communication Server versions R7.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. This is related to the...

10CVSS7.6AI score0.97759EPSS
Exploits8References17
seebug.org
seebug.org
added 2007/09/17 12:0 a.m.33 views

Alcatel-Lucent OmniPCX Enterprise Communication Server &lt;= 7.1 masterCGI Command Injection

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

7.1AI score0.97759EPSS
Exploits8
exploitpack
exploitpack
added 2007/09/17 12:0 a.m.13 views

Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution

Alcatel-Lucent OmniPCX Enterprise 7.1 - Remote Command Execution source: https://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue...

0.6AI score
Exploits0
Rows per page
Query Builder