[CLOSE] OSVDB ID : 46583 - Disclosed: 2008-06-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46582 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."

[CLOSE] OSVDB ID : 46581 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."

[CLOSE] OSVDB ID : 74345 - Disclosed: 2011-04-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 33297 - Disclosed: 2007-03-07

Description:

Avaya Communication Manager in Avaya S8300 Media Server, S8500 Media Server, and S87XX-Series Media Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate JavaScript input passed to the "Login" form field parameter on Communication Manager's login page. This could allow a user to execute arbitrary JavaScript code in the context of the affected application, leading to a loss of integrity.

[CLOSE] OSVDB ID : 61010 - Disclosed: 2005-11-14

Description:

(Description Provided by CVE) : Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.

[CLOSE] OSVDB ID : 76657 - Disclosed: 2011-10-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 78922 - Disclosed: 2012-02-08

Description:

Avaya Interaction Center is prone to an overflow condition. The vesporb.dll library within the Avaya IC ORB service fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted packet, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 60525 - Disclosed: 2009-09-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60524 - Disclosed: 2009-09-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60523 - Disclosed: 2009-09-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60526 - Disclosed: 2009-09-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 83399 - Disclosed: 2012-06-28

Description:

Avaya IP Office Customer Call Reporter contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the ImageUpload.ashx script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script.

[CLOSE] OSVDB ID : 71282 - Disclosed: 2011-03-24

Description:

Avaya IP Office Manager contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs when processing TFTP requests, allowing an attacker to use a crafted packet to cause a denial of service.

[CLOSE] OSVDB ID : 73121 - Disclosed: 2011-06-13

Description:

Avaya IP Office Manager contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing TFTP requests, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to access arbitrary files.

[CLOSE] OSVDB ID : 14206 - Disclosed: 2005-02-22

Description:

IP office phone manager contains a flaw that may lead to an unauthorized password exposure. It is possible for any local user to gain access to encrypted passwords that are stored in the registry, which may lead to a loss of confidentiality.

[CLOSE] OSVDB ID : 38258 - Disclosed: 2007-09-11

Description:

(Description Provided by CVE) : Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 48938 - Disclosed: 2008-10-08

Description:

(Description Provided by CVE) : Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data.

[CLOSE] OSVDB ID : 46588 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46587 - Disclosed: 2008-06-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46591 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46586 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46594 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46593 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46595 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46585 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46592 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46589 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 46590 - Disclosed: 2008-06-25

Description:

(Description Provided by CVE) : Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.

[CLOSE] OSVDB ID : 22013 - Disclosed: 2005-12-19

Description:

(Description Provided by CVE) : POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.