Vulnerabilities for 'Hdx system software'

2020-03-12
 
CVE-2019-11355

CWE-78
 

 
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature on the administrator's page allows the creation of a server/client certificate, or the upload of the user certificate. The value received from the user is passed as an argument to a shell script on the device. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into that argument. A system command can be executed as root.

 
2013-01-01
 
CVE-2012-4970

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 

Vendor: Polycom (29 products)
Viewstation 128
Viewstation 512
Viewstation dcp
Viewstation fx vs4000
Viewstation h.323
Viewstation mp
Viewstation sp 384
Viewstation v.35
Viavideo
Mgc-100
Mgc-25
Mgc-50
Soundpoint ip 301
Soundpoint ip 650
Soundpoint ip 601
Hdx system software
Realpresence cloudaxis suite
Btoe connector
Unified communications software
Realpresence resource manager
Qdx 6000 firmware
Uc software
Vvx 500 firmware
Vvx 601 firmware
Better together over ethernet connector
Group series
HDX
PANO
Obihai obi1022 firmware


Copyright 2024, cxsecurity.com

 
