Polycom HDX Default Credentials (Telnet)

The Polycom device has default telnet credentials or passwordless login. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenSSL Memory Leak Vulnerability in Polycom HDX Series Video Conferencing Systems

The Polycom HDX Series of products are multipoint video conferencing system servers that provide easy-to-manage multipoint video and integrated conferencing services for next-generation real-time media conferencing platforms. An OpenSSL memory leak vulnerability exists in the Polycom HDX Series...

Polycom HDX Telnet Authorization Bypass

No description provided by source. ======================================================================== = Polycom HDX Telnet Authorization Bypass = = Vendor Website: = www.polycom.com = = Affected Version: = Polycom HDX devices: = All releases prior to and including Commercial 3.0.5 = = Publi...

Polycom HDX < 3.1.1.2 Multiple Vulnerabilities

According to its self-reported version number, the firmware installed on the remote host is affected by multiple vulnerabilities : - A command shell authorization bypass vulnerability exists that could be used by a malicious user to gain unauthorized access to the system, which could result in...

n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.001 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Command Shell Grants System-Level Access Risk: LOW Overview: The Polycom Command Shell ...

n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 CDR Database SQL Injection Risk: HIGH Overview: For every received H.323 SETUP...

Polycom HDX multiple security vulnerabilities

Format string vulnerability, SQL injection, code execution, privilege escalation...

Polycom H.323 CDR Database SQL Injection

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 CDR Database SQL Injection Risk: HIGH Overview: For every received H.323 SETUP...

Polycom Firmware Update Command Injection

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Firmware Update Command Injection Risk: MEDIUM Overview: Polycom HDX systems can be...

Polycom HDX - Telnet Authentication Bypass (Metasploit)

Polycom HDX - Telnet Authentication Bypass Metasploit ======================================================================== = Polycom HDX Telnet Authorization Bypass = = Vendor Website: = www.polycom.com = = Affected Version: = Polycom HDX devices: = All releases prior to and including...

Polycom HDX Telnet Authorization Bypass Vulnerability

The Polycom HDX is a series of telecommunication and video devices. The telnet component of Polycom HDX video endpoint devices is vulnerable to an authorization bypass when multiple simultaneous connections are repeatedly made to the service, allowing remote network attackers to gain full access ...

CVE-2012-4970

Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4970

Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4970

CVE-2012-4970 is a cross-site scripting (XSS) vulnerability in the web management interface of Polycom HDX Video End Points. Affected software includes UC APL prior to 2.7.1_J and commercial prior to 3.0.5. Polycom fixed the issue starting with commercial build 3.0.5 and UC APL 2.7.1.1_J; the spe...

Polycom Web Management Interface Directory Traversal

===== Tempest Security Intelligence - Advisory 01 / 2012 ================== Path Traversal on Polycom Web Management Interface -------------------------------------------------- Authors: - Heyder Andrade: - @heyderandrade - http://linkedin.com/in/heyderandrade - - Joao Paulo Caldas Campello: -...