Check CVE Id
Check CWE Id
Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.
(Improper Restriction of Operations within the Bounds of a Memory Buffer)
Ip soft phone
CVSS Base Score
A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0....
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya C...
An issue was discovered in Avaya one-X Portal for IP Office 18.104.22.168 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious us...
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all...
Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13.
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 22.214.171.124, and all 8...
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of...
A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1...
Back to Top