Code injection
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests...
CVE-2015-4683
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests...
CVE-2015-4681
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users to have unspecified impact via vectors related to weak passwords...
CVE-2015-4682
CVE-2015-4682 concerns Polycom RealPresence Resource Manager (RPRM) prior to 8.4. An authenticated remote user can disclose the installation path by issuing an HTTP POST to PlcmRmWeb/JConfigManager, exposing sensitive directory information without appropriate authorization checks. The vulnerabili...
CVE-2015-4685
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration...
CVE-2015-4685
CVE-2015-4685 affects Polycom RealPresence Resource Manager (RPRM) before 8.4. The issue is a sudo misconfiguration that lets the plcm user execute root commands via scripts in /var/polycom/cma/upgrade/scripts, enabling privilege escalation. Impact is described as full root access for an attacker...
CVE-2015-4683
Polycom RealPresence Resource Manager (RPRM) before version 8.4 is affected by CVE-2015-4683, where session IDs are transmitted as HTTP GET parameters. This can lead to sensitive data exposure and, in certain actions (e.g., file/download and log access), enable privilege escalation by an attacker...
CVE-2015-4684
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager aka RPRM before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or (2) remote authenticated administrators to upload arbitrary fil...
CVE-2015-4682
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager...
CVE-2015-4684
Polycom RealPresence Resource Manager (RPRM) up to version 8.3 is affected by CVE-2015-4684: multiple directory-traversal vulnerabilities that allow remote authenticated users to read arbitrary files via Modifier in PlcmRmWeb/FileDownload and remote authenticated administrators to upload arbitrar...
CVE-2015-4681
Polycom RealPresence Resource Manager (RPRM) <= 8.3.x is vulnerable to CVE-2015-4681 (and related CVEs) via vectors related to weak passwords, enabling local access with complete impact on confidentiality, integrity, and availability. The SEC Consult advisory reports multiple vulnerabilities a...
CVE-2015-4683
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests...
Polycom SoundStation IP, VVX and RealPresence Trio UCS Information Disclosure Vulnerability
Polycom SoundStation IP, VVX, and RealPresence Trio are all products of Polycom, Inc. Polycom SoundStation IP is an IP phone; VVX is a visual conference phone; and RealPresence Trio is a smart multimedia device. An information disclosure vulnerability exists in the UCS in Polycom SoundStation IP,...
Polycom BToE Connector Elevation of Privilege Vulnerability
Polycom BToE Connector is a BToE connector developed by Polycom. A security vulnerability exists in Polycom BToE Connector versions prior to 3.0.0, which originates from a program that assigns weak privileges to the x86\polycom\polycom btoe connector\plcmbtoesrv.exe program file. A local attacker...
Design/Logic Flaw
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file...
CVE-2015-8300
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file...
CVE-2015-8300
Polycom BToE Connector (pre-3.0.0) exposes weak permissions (Everyone: Full Control) on the file plcmbtoesrv.exe, enabling local privilege escalation via a Trojan horse/file replacement. Multiple sources corroborate that versions prior to 3.0.0 are affected; fixed in version 3.0.0 released March ...
CVE-2015-8300
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file...
Information disclosure
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...
CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...