Vulnerabilities > Avaya > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-04-01 CVE-2008-6575 Unspecified vulnerability in Avaya Communication Manager
Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.
network
low complexity
avaya
6.8
2009-04-01 CVE-2008-6573 SQL Injection vulnerability in Avaya Communication Manager
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.
network
avaya CWE-89
6.8
2009-02-14 CVE-2008-6141 Resource Management Errors vulnerability in Avaya IP Soft Phone 6.0/6.01.85
Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data.
network
low complexity
avaya CWE-399
5.0
2009-02-14 CVE-2008-6140 Remote Denial Of Service vulnerability in Avaya One-X 2.1.0.78
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
network
low complexity
avaya
5.0
2008-12-24 CVE-2008-5710 Configuration vulnerability in Avaya Communication Manager
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
network
low complexity
avaya CWE-16
5.0
2008-07-09 CVE-2008-3081 Improper Input Validation vulnerability in Avaya Messaging Storage Server 3/3.1/4.0
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.
network
low complexity
avaya CWE-20
6.5
2007-09-19 CVE-2007-3286 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya IP Soft Phone 5.2/6.0
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.
network
avaya CWE-119
6.8
2007-03-16 CVE-2007-1491 Remote Security vulnerability in S8500
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
low complexity
avaya
5.2
2007-03-16 CVE-2007-1490 Remote Security vulnerability in Communication Manager
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
network
avaya
6.0
2007-03-09 CVE-2007-1367 Remote Code Execution vulnerability in Avaya Communications Manager Javascript
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
network
avaya
4.3