Vulnerabilities > Alcatel Lucent

DATE CVE VULNERABILITY TITLE RISK
2010-09-23 CVE-2010-3281 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Alcatel-Lucent OmniVista 4760 Server
Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.
5.4
2010-09-23 CVE-2010-3280 Information Exposure vulnerability in Alcatel-Lucent CCAgent and OmniTouch Contact Center
The CCAgent option 9.0.8.4 and earlier in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which allows remote attackers to monitor or reconfigure Contact Center operations via a modified client application.
6.9
2010-09-23 CVE-2010-3279 Configuration vulnerability in Alcatel-Lucent CCAgent and OmniTouch Contact Center
The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe.
7.6
2008-10-03 CVE-2008-4383 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Alcatel AOS
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
network | low complexity | alcatel alcatel-lucent CWE-119 | critical | 10.0
2008-04-02 CVE-2008-1331 Improper Input Validation vulnerability in Alcatel-Lucent OmniPCX Office
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.
network | low complexity | alcatel-lucent CWE-20 | critical | 10.0
2007-11-20 CVE-2007-5361 Information Disclosure And Denial Of Service vulnerability in OmniPCX Enterprise Audio Rerouting
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.
network | low complexity | alcatel-lucent | 8.5
2007-10-22 CVE-2007-5190 Cross-Site Scripting vulnerability in Alcatel-Lucent OmniVista
Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI.
4.3
2007-09-18 CVE-2007-3010 Improper Input Validation vulnerability in Alcatel-Lucent OmniPCX 7.1
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
network | low complexity | alcatel-lucent CWE-20 | critical | 10.0
2007-06-07 CVE-2007-2512 Unspecified vulnerability in Alcatel-Lucent OmniPCX 7.0
Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
network | low complexity | alcatel-lucent | 7.5
2007-04-02 CVE-2007-1822 Remote Security vulnerability in Voice Mail System
Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
network | low complexity | alcatel-lucent | critical | 10.0