Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection […]

The post Polycom Command Shell Authorization Bypass appeared first on MondoUnix.

VICIdial user_authorization Unauthenticated Command Execution

This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user’s password supplied using HTTP basic authentication is used in a […]
