Vulnerabilities > Alcatel Lucent

DATE CVE VULNERABILITY TITLE RISK
2017-08-09 CVE-2015-6498 7PK - Security Features vulnerability in Alcatel-Lucent Home Device Manager 4.2.0/4.2.1
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
Risk: 5.0 (network, low complexity; alcatel-lucent, CWE-254)
2017-03-23 CVE-2015-8687 Cross-site Scripting vulnerability in Alcatel-Lucent Motive Home Device Manager
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.
Risk: 3.5
2016-12-03 CVE-2016-9796 Permissions, Privileges, and Access Controls vulnerability in Alcatel-Lucent Omnivista 8770 Network Management System 2.0/2.6/3.0
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORB interfaces, which can be queried using the GIOP protocol on TCP port 30024.
Risk: critical, 10.0 (network, low complexity; alcatel-lucent, CWE-264)
2015-06-23 CVE-2015-4586 Cross-Site Request Forgery (CSRF) vulnerability in Alcatel-Lucent Cellpipe 7130 RG 5Ae.M2013 HOL Firmware 1.0.0.20H.Hol
Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd.
Risk: 6.8
2015-06-18 CVE-2015-4587 Cross-site Scripting vulnerability in Alcatel-Lucent Cellpipe 7130 Router Firmware 1.0.0.20H.Hol
Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu.
Risk: 4.3
2015-06-16 CVE-2015-2805 Cross-Site Request Forgery (CSRF) vulnerability in Alcatel-Lucent Omniswitch Firmware
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
Risk: 6.8
2015-06-16 CVE-2015-2804 Information Exposure vulnerability in Alcatel-Lucent Omniswitch Firmware
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.
Risk: 4.3
2013-08-20 CVE-2013-4653 Cross-Site Scripting vulnerability in Alcatel-Lucent products
Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.
Risk: 4.3
2011-03-08 CVE-2011-0345 Path Traversal vulnerability in Alcatel-Lucent Omnivista 4760R5.0.07.05
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
Risk: 3.3 (low complexity; alcatel-lucent, CWE-22)
2011-03-08 CVE-2011-0344 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Alcatel-Lucent Omnipcx
Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.
Risk: 5.8 (low complexity; alcatel-lucent, CWE-119)