15 matches found
MINI-RPRM-5C4P-M4X6
Bulletin has no description...
Code injection
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users to have unspecified impact via vectors related to weak passwords...
CVE-2015-4685
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration...
CVE-2015-4683
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests...
CVE-2015-4681
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users to have unspecified impact via vectors related to weak passwords...
CVE-2015-4682
CVE-2015-4682 concerns Polycom RealPresence Resource Manager (RPRM) prior to 8.4. An authenticated remote user can disclose the installation path by issuing an HTTP POST to PlcmRmWeb/JConfigManager, exposing sensitive directory information without appropriate authorization checks. The vulnerabili...
CVE-2015-4685
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration...
CVE-2015-4683
Polycom RealPresence Resource Manager (RPRM) before version 8.4 is affected by CVE-2015-4683, where session IDs are transmitted as HTTP GET parameters. This can lead to sensitive data exposure and, in certain actions (e.g., file/download and log access), enable privilege escalation by an attacker...
CVE-2015-4685
CVE-2015-4685 affects Polycom RealPresence Resource Manager (RPRM) before 8.4. The issue is a sudo misconfiguration that lets the plcm user execute root commands via scripts in /var/polycom/cma/upgrade/scripts, enabling privilege escalation. Impact is described as full root access for an attacker...
CVE-2015-4682
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager...
CVE-2015-4684
Polycom RealPresence Resource Manager (RPRM) up to version 8.3 is affected by CVE-2015-4684: multiple directory-traversal vulnerabilities that allow remote authenticated users to read arbitrary files via Modifier in PlcmRmWeb/FileDownload and remote authenticated administrators to upload arbitrar...
CVE-2015-4681
Polycom RealPresence Resource Manager (RPRM) <= 8.3.x is vulnerable to CVE-2015-4681 (and related CVEs) via vectors related to weak passwords, enabling local access with complete impact on confidentiality, integrity, and availability. The SEC Consult advisory reports multiple vulnerabilities a...
SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150626-0 ======================================================================= title: Critical vulnerabilities allow surveillance on conferences product: Polycom RealPresence Resource Manager RPRM...
Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities
Polycom RealPresence Resource Manager 8.4 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Critical vulnerabilities allow surveillance on...
Polycom RealPresence Resource Manager (RPRM) Disclosure / Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Critical vulnerabilities allow surveillance on conferences product: Polycom RealPresence Resource Manager RPRM vulnerable...