Polycom Products Directory Traversal and Command Injection Vulnerabilities (Mar 2012) - Active Check

Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory- traversal sequences SPDX-FileCopyrightText: 2013...

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...

Polycom HDX Video End Points crossite scripting

Crossite scripting in web management interface...

Polycom® HDX® Video End Points Web Management Cross Site Scripting (XSS) vulnerability

Polycom® HDX® Video End Points Web Management Cross Site Scripting XSS vulnerability: - CVE: CVE-2012-4970 - Deloitte Argentina Advisory Code: DTTAR-20120001 - Vendor Status: CONFIRMED - Public Disclosure Date: December, 23rd, 2012. - Vendors Affected: Polycom - http://www.polycom.com/ - Systems...

CVE-2012-4970

Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4970

Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4970

CVE-2012-4970 is a cross-site scripting (XSS) vulnerability in the web management interface of Polycom HDX Video End Points. Affected software includes UC APL prior to 2.7.1_J and commercial prior to 3.0.5. Polycom fixed the issue starting with commercial build 3.0.5 and UC APL 2.7.1.1_J; the spe...

Polycom VoIP Client Detection

Binary data 6475.prm...

[TSI-ADV-1201] Path Traversal on Polycom Web Management Interface

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===== Tempest Security Intelligence - Advisory 01 / 2012 ============ Path Traversal on Polycom Web Management Interface -------------------------------------------------- Authors: - Heyder Andrade: - @heyderandrade -...

Polycom teleconferencing devices security vulnereabilities

Directory traversal, code injection...

[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===== Tempest Security Intelligence - Advisory 02 / 2012 ============ Polycom Web Management Interface O.S. Command Injection ------------------------------------------------------- Authors: - Joao Paulo Caldas Campello: - @jpcampello -...

Polycom Products Multiple Vulnerabilities (Mar 2012) - Active Check

Multiple Polycom products are prone to a directory traversal vulnerability and a command injection vulnerability because they fail to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

Polycom Products Directory Traversal and Command Injection Vulnerabilities

Multiple Polycom products are prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Remote attackers can use a specially crafted request with directory- traversal sequences '../' to retrieve arbitrary file...

Polycom Web Management Interface Command Injection

===== Tempest Security Intelligence - Advisory 02 / 2012 ================== Polycom Web Management Interface O.S. Command Injection ------------------------------------------------------- Authors: - Joao Paulo Caldas Campello: - @jpcampello - http://linkedin.com/in/jpcampello - - Heyder Andrade: ...

Polycom Web Management Interface Directory Traversal

===== Tempest Security Intelligence - Advisory 01 / 2012 ================== Path Traversal on Polycom Web Management Interface -------------------------------------------------- Authors: - Heyder Andrade: - @heyderandrade - http://linkedin.com/in/heyderandrade - - Joao Paulo Caldas Campello: -...

Polycom Audio/Video Server Detection

Binary data 6289.prm...

Polycom SoundPoint IP Phone Default Password

The remote Polycom SoundPoint IP phone is using default credentials to protect some of its configuration pages. A remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Polycom SoundPoint IP Phones reg_1.html SIP Information Disclosure

The remote Polycom SoundPoint IP phone hosts a page, 'reg1.htm', that discloses the SIP account password for the associated phone line. A remote attacker could use this information to mount further attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Polycom IP Phone - Web Interface Data Disclosure

Polycom IP Phone - Web Interface Data Disclosure / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , 'Line 1' of 'Polycom IP Phone' software. The vulnerability allows the attacker to...