6 matches found
Directory traversal
Directory traversal vulnerability in agetlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...
Command injection
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; semicolon to the ping command feature...
CVE-2012-6609
Directory traversal vulnerability in agetlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. dot dot in the name parameter...
CVE-2012-6610
CVE-2012-6610 affects Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J. The vulnerability is a command injection that allows remote authenticated users to execute arbitrary commands via the ping feature, demonstrated by using a semicolon to inject commands. Evidence from multip...
CVE-2012-4970
Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-4970
Cross-site scripting XSS vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...