335 matches found
CVE-2012-6611
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password...
CVE-2012-6611
Polycom Web Management Interface G3/HDX 8000 HD running Durango 2.6.0 4740 and embedded Polycom Linux Development Platform 2.14.g3 is affected. The issue is a default, blank administrative password that allows access without credential setup. CVSS metrics indicate network access, no user interact...
CVE-2012-6609
Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter...
CVE-2012-6610
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature...
Directory traversal
Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter...
Command injection
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature...
CVE-2012-6609
CVE-2012-6609 is a directory traversal in Polycom HDX Video Endpoints (before 3.0.4) and UC APL (before 2.7.1.J). An attacker can read arbitrary files by supplying .. in the name parameter via a_getlog.cgi. The NVD entry reports CVSSv2 base score 5.0 (MEDIUM) and CVSSv3.1 base score 7.5 (HIGH), w...
CVE-2012-6610
CVE-2012-6610 affects Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J. The vulnerability is a command injection that allows remote authenticated users to execute arbitrary commands via the ping feature, demonstrated by using a semicolon to inject commands. Evidence from multip...
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Plantronics Hub SpokesUpdateService Privilege Escalation', 'Description' = %q The Plantronics Hub client application for Windows makes use of an...
Plantronics Hub SpokesUpdateService Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Plantronics Hub SpokesUpdateService Privilege Escalation', 'Description' = %q The Plantronics Hub client application for Windows makes use of an...
CVE-2019-14259
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...
Command injection
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands ...
CVE-2019-14259
CVE-2019-14259 affects the Polycom Obihai Obi1022 VoIP phone (firmware 5.1.11). The issue is a command injection due to missing input validation in the NTP server IP address field of the "Time Service Settings web" interface. An authenticated remote attacker on the same network can trigger OS com...
CVE-2019-12948
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary co...
Code injection
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary co...
CVE-2019-12948
The CVE-2019-12948 entry concerns Polycom UC Software web-based management on VVX, Trio, SoundStructure, SoundPoint and SoundStation phones. A vulnerability exists in the web interface that, when exploited by an authenticated admin, could cause DoS or allow arbitrary code execution. Documents con...