49 matches found
EUVD-2015-2893
Malware in sbrugna...
EUVD-2002-1256
Malware in sbrugna...
EUVD-1999-1540
Malware in sbrugna...
EUVD-2004-2369
Malware in sbrugna...
Multiple Alcatel-Lucent OmniSwitch Products Session Hijacking Vulnerability
The Alcatel-Lucent OmniSwitch 6450 is a switch product developed by Alcatel-Lucent of France. Several Alcatel-Lucent OmniSwitch products fail to properly generate weak session identifiers in the web management interface, allowing remote attackers to hijack sessions via brute force attacks...
CVE-2015-2805
Cross-site request forgery CSRF vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...
Design/Logic Flaw
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...
CVE-2015-2804
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...
CVE-2015-2804
CVE-2015-2804 affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855) with AOS firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02. The vulnerability is weak session identifier generation in the management web interface, enabling remote session hijacking via brut...
CVE-2015-2804
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...
CVE-2015-2805
The CVE-2015-2805 issue affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, 6860) across multiple AOS firmware versions (6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, 8.1.1.R01). The vulnerability is a Cross-site request forger...
CVE-2015-2805
Cross-site request forgery CSRF vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...
Alcatel-Lucent OmniSwitch security vulnerabilities
Crossite scripting, session hijack...
[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...
[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...
Alcatel OmniSwitch WEB Interface Cross-Site Request Forgery Vulnerability
The Alcatel OmniSwitch is an enterprise-class switch. A cross-site request forgery vulnerability exists in the Alcatel OmniSwitch WEB interface, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can perform malicious actions in the context of the target...
Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...
Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...
Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery Vulnerability
Vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses...