336 matches found
CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...
CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...
CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...
CVE-2017-12857
Polycom devices (SoundStation IP, VVX, RealPresence Trio) running UCS versions older than 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by an information-disclosure vulnerability in the UCS web application. An authenticated remote attacker could read memory segments containing adminis...
CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...
R7-2017-07: Multiple Fuze TPN Handset Portal vulnerabilities (FIXED)
This post describes three security vulnerabilities related to access controls and authentication in the TPN Handset Portal, part of the Fuze platform. Fuze fixed all three issues by May 6, 2017, and user action is not required to remediate. Rapid7 thanks Fuze for their quick and thoughtful respon...
Polycom VVX Web Interface Forced Admin Password Change Vulnerability
Polycom is a global leader in standards-based unified communications UC solutions for telepresence, video and voice. The Polycom VVX web interface can be forced to change the admin password vulnerability, which requires a user to access the "user" account in the web interface of a Polycom VoIP...
Polycom VVX Web Interface Privilege Escalation
Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link: http://downloads.polycom.com/voice/voip/ucswreleasesmatrix.html Version: Polycom vvx 410 UC Software Version: 5.3.1.04...
Polycom VVX Web Interface - Change Admin Password
Polycom VVX Web Interface - Change Admin Password Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link: http://downloads.polycom.com/voice/voip/ucswreleasesmatrix.html...
Polycom VVX Web Interface - Change Admin Password
Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link: http://downloads.polycom.com/voice/voip/ucswreleasesmatrix.html Version: Polycom vvx 410 UC Software Version: 5.3.1.04...
Polycom VVX Web Interface - Change Admin Password Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link:...
Unauthorized Access Vulnerability in Polycom HDX Series Video Conferencing Systems
The Polycom HDX Series of products are multipoint video conferencing system servers that provide easy-to-manage multipoint video and integrated conferencing services for next-generation real-time media conferencing platforms. An unauthorized access vulnerability exists in the Polycom HDX Series...
OpenSSL Memory Leak Vulnerability in Polycom HDX Series Video Conferencing Systems
The Polycom HDX Series of products are multipoint video conferencing system servers that provide easy-to-manage multipoint video and integrated conferencing services for next-generation real-time media conferencing platforms. An OpenSSL memory leak vulnerability exists in the Polycom HDX Series...
Unspecified Cross-Site Scripting Vulnerability in Polycom HDX Video End Points
Polycom HDX Video End Points video conferencing system. An unspecified cross-site scripting vulnerability exists in Polycom HDX Video End Points. The vulnerability can be exploited to execute arbitrary HTML and script code in the browsers of trusted users in the context of an affected site, steal...
Polycom HDX Video End Points XML External Entity Denial of Service Vulnerability
Polycom HDX Video End Points video conferencing system. A denial of service vulnerability exists in Polycom HDX Video End Points. An attacker could exploit this vulnerability to cause a denial of service condition...
support.polycom.com XSS vulnerability
Vulnerable URL: http://support.polycom.com/PolycomService/knowledgebase/search.htm?searchString=a%22%3E%3C/iframe%3E%3C/div%3E%3Cscript%3Ealert%27xss%27;%3C/script%3E%3C!-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability...
polycom-web-management-interface-os-command-injection
No description provided by source...
Polycom Command Shell Authorization Bypass
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Polycom Command Shell Authorization Bypass', 'Alias' = 'pshauthbypass', 'Author' = 'Paul Haas ', module 'h00die ',...
polycom HDX系列设备默认登录控制台无需密码
No description provided by source...
Polycom VVX-Series Business Media Phones - Path Traversal Vulnerability
Exploit for hardware platform in category web applications Polycom VVX-Series Business Media Phones Path Traversal Vulnerability --Summary-- Polycom VVX-series Business Media Phones allow authenticated users to execute file path traversal attacks Polycom http://www.polycom.com --Affects-- Polycom...