EUVD-2010-0245

Malware in sbrugna...

EUVD-2011-0449

Malware in sbrugna...

CVE-2011-0423

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214...

CVE-2010-0214

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory AD credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding ...

Design/Logic Flaw

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory AD credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding ...

Default credentials

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214...

CVE-2011-0423

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214...

CVE-2011-0423

CVE-2011-0423 affects PolyVision RoomWizard devices running firmware 3.2.3. The issue is a default administrator password (roomwizard) that enables remote attackers to obtain console access via HTTP session. The vulnerability is separate from CVE-2010-0214, which concerns credentials exposed in a...

CVE-2010-0214

The CVE-2010-0214 issue affects PolyVision RoomWizard firmware 3.2.3. The administrative web interface serves Sync Connector Active Directory credentials in plaintext within a web page accessible over HTTP (port 80), specifically via the /admin/sign/DeviceSynch URI, allowing remote attackers with...

CVE-2010-0214

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory AD credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding ...

PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password

Overview The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials. Description The PolyVision RoomWizard is a touch screen scheduling...