CVE-2018-18568

Polycom VVX 500/601 devices (affected versions

CVE-2018-18566

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business...

CVE-2018-18566

Polycom VVX 500/601 devices (firmware

CVE-2018-18568

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business...

Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2018-027 Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: = 5.8.0.12848 Tested Versions: 5.4.0.10182, 5.8.0.12848 Vulnerability Type: X.509 validation - Man-in-the-Middle CWE-300 Risk Level: Medium Solution Statu...

Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2018-028 Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Versions: OWNIP=192.168.100.102 if -z "$1" then echo "Please enter an IPv4 address as target" exit else TARGET=$1 fi echo 'OPTIONS sip:dummy SIP/2.0 Via: SIP/2.0/TC...

CVE-2018-12592

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting when the user has explicitly chosen to turn off the video using a specific option. During those seconds, a meeting invitee may unknowingly be on camera with other participants able t...

Code injection

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting when the user has explicitly chosen to turn off the video using a specific option. During those seconds, a meeting invitee may unknowingly be on camera with other participants able t...

CVE-2018-12592

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting when the user has explicitly chosen to turn off the video using a specific option. During those seconds, a meeting invitee may unknowingly be on camera with other participants able t...

CVE-2018-12592

CVE-2018-12592 affects Polycom RealPresence Web Suite prior to 2.2.0. The issue is that the system fails to block a user’s video for a few seconds when joining a meeting if the user has explicitly disabled video via a specific option, potentially exposing an active video stream to other participa...

CVE-2025-34093

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/misc/polycomhdxtracerouteexec.rb 2025-10-23 21:13:04+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

Polycom QDX 6000 Cross-Site Scripting Vulnerability

The Polycom QDX 6000 devices is a video conferencing endpoint device from Polycom. A cross-site scripting vulnerability exists in the Web application feature of the Polycom QDX 6000 devices. A remote attacker can exploit this vulnerability to execute arbitrary Javascript code in a user's web...

Polycom QDX 6000 Cross-Site Request Forgery Vulnerability

Polycom QDX 6000 devices is a video conferencing endpoint device from Polycom, Inc.Web application interface is one of the Web application interfaces. A cross-site request forgery vulnerability exists in the web application interface in Polycom QDX 6000 devices. A remote attacker could use this...

CVE-2018-7565

CSRF exists on Polycom QDX 6000 devices...

CVE-2018-7564

Stored XSS exists on Polycom QDX 6000 devices...

Cross site request forgery (csrf)

CSRF exists on Polycom QDX 6000 devices...

Cross site scripting

Stored XSS exists on Polycom QDX 6000 devices...

CVE-2018-7565

Polycom QDX 6000 devices expose a web interface CSRF vulnerability (CVE-2018-7565) that could allow a remote attacker to change arbitrary configuration settings. The CNVD entry confirms the issue as Cross-Site Request Forgery in the web application interface, with impact described as potential ch...

CVE-2018-7564

CVE-2018-7564 is a stored XSS vulnerability in the Web application of Polycom QDX 6000 devices. The issue is documented across multiple sources (NVD/NVD CVE entry, CNVD, PRION, CVE listing) as a Cross‑Site Scripting flaw that allows arbitrary JavaScript execution in a user’s browser when interact...

CVE-2018-7564

Stored XSS exists on Polycom QDX 6000 devices...