111 matches found
CVE-2017-12857
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's...
CVE-2017-12857
Polycom devices (SoundStation IP, VVX, RealPresence Trio) running UCS versions older than 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by an information-disclosure vulnerability in the UCS web application. An authenticated remote attacker could read memory segments containing adminis...
R7-2017-07: Multiple Fuze TPN Handset Portal vulnerabilities (FIXED)
This post describes three security vulnerabilities related to access controls and authentication in the TPN Handset Portal, part of the Fuze platform. Fuze fixed all three issues by May 6, 2017, and user action is not required to remediate. Rapid7 thanks Fuze for their quick and thoughtful respon...
Polycom VVX Web Interface - Change Admin Password
Exploit Title: Polycom VVX Web Interface - Change Admin Password as User Date: January 26, 2017 Exploit Author: Mike Brown Vendor Homepage: http://www.polycom.com/ Software Link: http://downloads.polycom.com/voice/voip/ucswreleasesmatrix.html Version: Polycom vvx 410 UC Software Version: 5.3.1.04...
support.polycom.com XSS vulnerability
Vulnerable URL: http://support.polycom.com/PolycomService/knowledgebase/search.htm?searchString=a%22%3E%3C/iframe%3E%3C/div%3E%3Cscript%3Ealert%27xss%27;%3C/script%3E%3C!-- Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS Vulnerability...
polycom-web-management-interface-os-command-injection
No description provided by source...
Polycom Command Shell Authorization Bypass
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Polycom Command Shell Authorization Bypass', 'Alias' = 'pshauthbypass', 'Author' = 'Paul Haas ', module 'h00die ',...
Polycom HDX series devices: default console login requires no password
No description provided by source...
Polycom VVX-Series Business Media Phones - Directory Traversal
Polycom VVX-Series Business Media Phones - Directory Traversal Polycom VVX-Series Business Media Phones Path Traversal Vulnerability --Summary-- Polycom VVX-series Business Media Phones allow authenticated users to execute file path traversal attacks Polycom http://www.polycom.com --Affects--...
Polycom SoundStation/SoundPoint IP Default Credentials (HTTP)
The remote Polycom SoundStation IP web interface is using known default credentials. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if...
CVE-2015-1516
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-1516
CVE-2015-1516 describes a cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite, present in versions before 1.7.0. The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. From the connected CNVD record, affected softwa...
Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory. title: Critical vulnerabilities allow surveillance on conferences product: Polycom RealPresence Resource Manager (RPRM) vulnerable...
Polycom IP Phone Web Interface Data Disclosure Vulnerability
No description provided by source. Live by the byte. Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected]...
Polycom 2.2/3.0 ViaVideo Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5964/info A buffer overflow vulnerability has been reported for ViaVideo. An attacker can exploit this vulnerability by issuing excessively long 'GET' requests to ViaVideo devices. This will cause an error in the 'vvws.dl...
Polycom SIP Detection
The remote host is a Polycom device based off the listening Polycom SIP services. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(70067); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/26"); script_name(english:"Polycom SIP...
n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...
n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Firmware Update Command Injection Risk: MEDIUM Overview: Polycom HDX systems can be...