Vulnerabilities > Avaya
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-16 | CVE-2007-1491 | Remote Security vulnerability in S8500 Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. low complexity avaya | 5.2 |
| 2007-03-16 | CVE-2007-1490 | Remote Security vulnerability in Communication Manager Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). network avaya | 6.0 |
| 2007-03-09 | CVE-2007-1367 | Remote Code Execution vulnerability in Avaya Communications Manager Javascript Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. network avaya | 4.3 |
| 2006-04-04 | CVE-2006-1058 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | 5.5 |
| 2006-02-15 | CVE-2006-0718 | Denial of Service vulnerability in Avaya VSU/CSU Products ISAKMP IKE Traffic The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 5.0 |
| 2005-12-31 | CVE-2005-2762 | Local Security vulnerability in Vpnremote Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. | 2.1 |
| 2005-12-22 | CVE-2005-4471 | Remote Denial of Service vulnerability in Avaya Modular Messaging Message Storage Server 1.1/2.0 POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | 5.0 |
| 2005-12-16 | CVE-2005-3253 | Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication. | 7.5 |
| 2005-12-04 | CVE-2005-3989 | Remote Denial of Service vulnerability in Avaya TN2602AP IP Media Resource 320 Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | 7.8 |
| 2005-05-02 | CVE-2005-1125 | Unspecified vulnerability in Avaya Libsafe Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. | 5.1 |