10 matches found
Stack overflow
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI...
CVE-2012-6569
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI...
CVE-2012-6570
The CVE-2012-6570 entry concerns Huawei AR routers and related Huawei S-series switches (S2000, S3000, S3500, S3900, S5100, S5600, S7800, S8500) where the HTTP module fails to validate that incoming data length respects the Content-Length header. This vulnerability in the HTTP module of both the ...
Samsung Handsets Distributed With Malware-Infected Memory Cards
Another mobile-phone manufacturer has fallen victim to an increasingly common attack in which phones’ memory cards are infected with malware during the manufacturing process and then shipped out to customers. The latest victim is Samsung, which has acknowledged that the microSD cards in a batch o...
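Multiple security vulnerabilities in Avaya Communication Manager
BUGTRAQ ID: 29939 CNCAN ID: CNCAN-2008062702 Avaya Communication Manager is an IP voice communication solution. The Avaya Communication Manager web management interface has multiple security issues that remote attackers can exploit to execute arbitrary code, escalate privileges, obtain sensitive information, and carry out other attacks. - A problem when viewing or restoring credentials in the configuration data can lead to privilege escalation. - Configuring the local data viewing and restore parameters can lead to execution of system commands with the privileges of the logged-in user's process. - A configuration problem can lead to recovery of system information, including encrypted password information. - Scripts can be executed from the object folder without authentication. - Unneeded default applications can be executed without authentication...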
Command injection
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors, aka "shell command injection"...
CVE-2007-1491
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties...
CVE-2007-1490
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors, aka "shell command injection"...
CVE-2007-1491
CVE-2007-1491 affects Avaya S87XX, S8500, and S8300 platforms running Avaya CM prior to 3.1.3, where Apache Tomcat allows external-interface connections via port 8009. This exposure can enable external access from outside networks. The vulnerability is tied to the misconfiguration/exposure of por...
CVE-2007-1490
CVE-2007-1490 affects Avaya equipment (S87XX, S8500, S8300 prior to CM 3.1.3 and Avaya SES). The issue is shell command injection via shell metacharacters in unspecified maintenance web pages/entry points, exploitable by remote authenticated users. Affected component/functionality is unspecified;...