57 matches found
CVE-2019-20049
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal which helps to bypass authentication with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the construct whereas the...
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...
EUVD-2007-5171
Malware in sbrugna...
EUVD-2011-0371
Malware in sbrugna...
ALE Alcatel-Lucent Omnivista 4760 and ALE Alcatel-Lucent Omnivista 8770 Remote Code Execution Vulnerabilities
The ALE Alcatel-Lucent Omnivista 4760 and the ALE Alcatel-Lucent Omnivista 8770 are both products of ALE France.The ALE Alcatel-Lucent Omnivista 4760 is a network management system. The product includes alarm notification, OmniPCX configuration, performance analysis and Voice over IP monitoring.A...
Alcatel OmniVista remote command execution
Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...
Alcatel OmniVista remote command execution
Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...
Alcatel OmniVista remote command execution
Added: 12/31/2019 Background Alcatel OmniVista is a graphical interface to Alcatel OmniPCX, a common VoIP solution. Problem Directory traversal and insecure upload vulnerabilities allow a remote attacker to upload and execute arbitrary PHP code. Resolution Upgrade to OmniVista 8770 version 4.1.12...
Alcatel-Lucent OmniVista 4760 Directory Traversal and Insecure File Upload Vulnerability
LE Alcatel-Lucent Omnivista 4760 is a network management system from ALE France. The product includes features such as alarm notification, OmniPCX configuration, performance analysis and Voice over IP monitoring. A security vulnerability exists in the ALE Alcatel-Lucent OmniVista 4760. An attacke...
Alcatel-Lucent OmniVista 8770 Remote Code Execution Vulnerability
The ALE Alcatel-Lucent Omnivista 8770 is a network management system from ALE France. The product includes features such as alarm notification, OmniPCX configuration, performance analysis, and Voice over IP monitoring. A security vulnerability exists in the ALE Alcatel-Lucent OmniVista 8770 prior...
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...
CVE-2019-20047
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...
CVE-2019-20047
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...
CVE-2019-20049
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal which helps to bypass authentication with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the construct whereas the...
Format string
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded...
Directory traversal
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal which helps to bypass authentication with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the construct whereas the...
CVE-2019-20047
The CVE-2019-20047 issue affects Alcatel-Lucent OmniVista 4760 and OmniVista 8770 prior to version 4.1.2. A misconfigured web server allows a remote unauthenticated attacker to retrieve the contents of its own session files located under /sessions/sess_. Each session file contains administrative ...
CVE-2019-20048
CVE-2019-20048 affects Alcatel-Lucent OmniVista 8770 devices prior to 4.1.2. An authenticated remote attacker with elevated privileges in the Web Directory component (port 389) can upload a PHP file, enabling Remote Code Execution as SYSTEM. Public Red Hat, CNVD, and CVE records corroborate the s...
CVE-2019-20048
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...