Al Enterprise

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-20049 1Al Enterprise 1Omnivista 4760 Nov 21, 2024 Dec 27, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Co...Show more An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().Show less
CVE-2019-20048 1Al Enterprise 1Omnivista 8770 Nov 21, 2024 Dec 27, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remot...Show more An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.Show less
CVE-2019-20047 1Al Enterprise 2Omnivista 4760 Omnivista 8770 Nov 21, 2024 Dec 27, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session f...Show more An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.Show less
CVE-2019-14260 1Al Enterprise 18008 Firmware Nov 21, 2024 Aug 1, 2019 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface al...Show more On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.Show less
CVE-2007-3010 1Al Enterprise 1Omnipcx Enterprise Communication Server Apr 21, 2026 Sep 18, 2007 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a...Show more masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.Show less