Vulnerabilities > Polycom
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-19 | CVE-2015-4684 | Credentials Management vulnerability in Polycom Realpresence Resource Manager Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. | 5.5 |
2017-09-19 | CVE-2015-4683 | Permissions, Privileges, and Access Controls vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | 7.5 |
2017-09-19 | CVE-2015-4682 | Information Exposure vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | 4.0 |
2017-09-19 | CVE-2015-4681 | Credentials Management vulnerability in Polycom Realpresence Resource Manager Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | 7.2 |
2017-08-28 | CVE-2015-8300 | Permission Issues vulnerability in Polycom Btoe Connector Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | 7.2 |
2017-08-25 | CVE-2017-12857 | Information Exposure vulnerability in Polycom Unified Communications Software Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. | 4.0 |
2015-09-03 | CVE-2015-1516 | Cross-site Scripting vulnerability in Polycom Realpresence Cloudaxis Suite Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-01-01 | CVE-2012-4970 | Cross-Site Scripting vulnerability in Polycom HDX System Software Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-10-11 | CVE-2006-5233 | Denial Of Service vulnerability in Polycom Soundpoint IP 301 1.4.1.0040 Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | 7.8 |
2003-08-18 | CVE-2003-0556 | Unspecified vulnerability in Polycom Mgc-100, Mgc-25 and Mgc-50 Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester. | 5.0 |