Search Results (140 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-1490 1 Avaya 1 Communication Manager 2026-04-23 N/A
Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").
CVE-2007-1491 1 Avaya 4 S8300, S8500, S8700 and 1 more 2026-04-23 N/A
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
CVE-2008-6140 1 Avaya 1 One-x 2026-04-23 N/A
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Avaya one-X Desktop Edition 2.1.0.78 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2007-3322 1 Avaya 1 4602sw Ip Phone 2026-04-23 N/A
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.
CVE-2008-6141 1 Avaya 1 Ip Soft Phone 2026-04-23 N/A
Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data.
CVE-2007-5556 1 Avaya 1 Voip Handset 2026-04-23 N/A
Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-3777 1 Avaya 3 Communication Manager, S8300c Server, Sip Enablement Services 2026-04-23 N/A
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
CVE-2008-5882 2 Avaya, Citrix 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more 2026-04-23 N/A
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
CVE-2008-6711 1 Avaya 1 Communication Manager 2026-04-23 N/A
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
CVE-2007-3286 1 Avaya 1 Ip Soft Phone 2026-04-23 N/A
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2007-3317 1 Avaya 1 One-x 2026-04-23 N/A
The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message.
CVE-2007-3318 1 Avaya 1 One-x 2026-04-23 N/A
Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.
CVE-2007-3319 1 Avaya 1 4602sw Ip Phone 2026-04-23 N/A
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.
CVE-2007-3320 1 Avaya 1 4602sw Ip Phone 2026-04-23 N/A
The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.
CVE-2007-3321 1 Avaya 1 4602sw Ip Phone 2026-04-23 N/A
The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).
CVE-2003-1359 2 Avaya, Hp 2 Predictive Dialer System, Hp-ux 2026-04-16 N/A
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
CVE-2005-3989 1 Avaya 1 Tn2602ap Ip Media Resource 320 Circuit Pack 2026-04-16 N/A
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets.
CVE-2002-0176 1 Avaya 1 Libsafe 2026-04-16 N/A
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
CVE-2005-1125 1 Avaya 1 Libsafe 2026-04-16 N/A
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.
CVE-2002-1448 1 Avaya 3 Cajun M770-atm, Cajun P130, Cajun P330 2026-04-16 N/A
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.