Show filters
70 Total Results
Displaying 41-50 of 70
Sort by:
Attacker Value
Unknown

CVE-2018-7565

Disclosure Date: March 07, 2018 (last updated November 26, 2024)
CSRF exists on Polycom QDX 6000 devices.
0
0
Attacker Value
Unknown

CVE-2015-4683

Disclosure Date: September 19, 2017 (last updated November 26, 2024)
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
0
0
Attacker Value
Unknown

CVE-2015-4681

Disclosure Date: September 19, 2017 (last updated November 26, 2024)
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
0
0
Attacker Value
Unknown

CVE-2015-4684

Disclosure Date: September 19, 2017 (last updated November 26, 2024)
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
0
0
Attacker Value
Unknown

CVE-2015-4682

Disclosure Date: September 19, 2017 (last updated November 26, 2024)
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
0
0
Attacker Value
Unknown

CVE-2015-4685

Disclosure Date: September 19, 2017 (last updated November 26, 2024)
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
0
0
Attacker Value
Unknown

CVE-2015-8300

Disclosure Date: August 28, 2017 (last updated November 26, 2024)
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
0
0
Attacker Value
Unknown

CVE-2017-12857

Disclosure Date: August 25, 2017 (last updated November 26, 2024)
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
0
0
Attacker Value
Unknown

CVE-2015-1516

Disclosure Date: September 03, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2015-2086

Disclosure Date: February 26, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.
0
0
View More Topics  < Previous  Next >