Filtered by vendor Avaya
Subscribe
Total
122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1229 | 1 Avaya | 5 Cajun P550, Cajun P550r, Cajun P580 and 2 more | 2016-10-17 | 7.5 HIGH | N/A |
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges. | |||||
CVE-2011-5096 | 1 Avaya | 1 Aura Application Server 5300 | 2012-07-16 | 10.0 HIGH | N/A |
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet. | |||||
CVE-2012-3811 | 1 Avaya | 1 Ip Office Customer Call Reporter | 2012-07-16 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. | |||||
CVE-2005-4471 | 1 Avaya | 1 Modular Messaging Message Storage Server | 2011-03-07 | 5.0 MEDIUM | N/A |
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | |||||
CVE-2005-3989 | 1 Avaya | 1 Tn2602ap Ip Media Resource 320 Circuit Pack | 2011-03-07 | 7.8 HIGH | N/A |
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | |||||
CVE-2005-3253 | 2 Avaya, Proxim | 10 Wireless Ap-3, Wireless Ap-4, Wireless Ap-5 and 7 more | 2011-03-07 | 7.5 HIGH | N/A |
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication. | |||||
CVE-2007-5830 | 1 Avaya | 2 Message Networking, Messaging Storage Server | 2008-11-14 | 7.8 HIGH | N/A |
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." | |||||
CVE-2007-3286 | 1 Avaya | 1 Ip Soft Phone | 2008-11-14 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2002-0175 | 1 Avaya | 1 Libsafe | 2008-09-10 | 4.6 MEDIUM | N/A |
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe. | |||||
CVE-2002-0176 | 1 Avaya | 1 Libsafe | 2008-09-10 | 4.6 MEDIUM | N/A |
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe. | |||||
CVE-2007-5556 | 1 Avaya | 1 Voip Handset | 2008-09-05 | 7.8 HIGH | N/A |
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-1490 | 1 Avaya | 1 Communication Manager | 2008-09-05 | 6.0 MEDIUM | N/A |
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). | |||||
CVE-2007-1367 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. | |||||
CVE-2007-1491 | 1 Avaya | 4 S8300, S8500, S8700 and 1 more | 2008-09-05 | 5.2 MEDIUM | N/A |
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | |||||
CVE-2006-0718 | 1 Avaya | 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more | 2008-09-05 | 5.0 MEDIUM | N/A |
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
CVE-2005-2762 | 1 Avaya | 1 Vpnremote | 2008-09-05 | 2.1 LOW | N/A |
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials. | |||||
CVE-2005-1125 | 1 Avaya | 1 Libsafe | 2008-09-05 | 5.1 MEDIUM | N/A |
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed. | |||||
CVE-2002-1448 | 1 Avaya | 3 Cajun M770-atm, Cajun P130, Cajun P330 | 2008-09-05 | 7.5 HIGH | N/A |
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges. | |||||
CVE-2001-1262 | 1 Avaya | 1 Argent Office | 2008-09-05 | 7.5 HIGH | N/A |
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string. | |||||
CVE-2001-1261 | 1 Avaya | 1 Argent Office | 2008-09-05 | 5.0 MEDIUM | N/A |
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file. |