Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
seclists.org/fulldisclosure/2011/Mar/8
secunia.com/advisories/43507
securityreason.com/securityalert/8122
www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf
www.securityfocus.com/archive/1/516768/100/0/threaded
www.securityfocus.com/bid/46624
www.vupen.com/english/advisories/2011/0548
exchange.xforce.ibmcloud.com/vulnerabilities/65848