Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > System crack > Content
Hot Articles
GeoVision Digital Video
Adobe Acrobat and the Re
Samba group_mapping.tdb/
The Sleuth Kit - UNIX-ba
Marvell 88W8361P-BEM1 ch
CS-Cart core / user.php
phpBB Small ShoutBox mod
Outlook Web Access for E
FlexCell Grid ActiveX co
PHP error_log bypasses t
Apple Bonjour for Window
nginx file type error pa
DedeCMS V5.5 Final GetWe
Details of PHP code exec
The VMware 2008-0014 ren
Recommend Articles
Mozilla the Firefox 2.0.
DC++ many long-distance
VLC the media player WAV
The Wireshark 1.0.1 edit
Wordpress XML-RPC connec
ServerView Web connectio
PCRE the pcre_compile.c
phpMyAdmin long-distance
Panda the ActiveScan lon
BlueZ the SDP load handl
1024 CMS many documents
WeFi journal file local
vBulletin adminlog.php r
Microsoft Windows DNS se
Adobe RoboHelp Server he
New Articles
DiY - brief loophole ana
Freefloat FTP Server ove
I can with Apache endeav
HP - UX NFS/ONCplus unkn
HP - UX FTPD remote deni
HP - UX DCE can send acr
HP - UX 'useradd' local
HP - UX swagentd remote
HP - UX Numbers local de
HP - UX System under the
HP - UX 'FTPD' unknown r
HP TCP/IP Services for c
From Solaris NFS pages f
From Solaris XScreenSave
Sun Solaris Auditing Ext
Polycom Video Conference System Management Server Authentication Bypass Vulnerability
  Add date: 08/04/2009   Publishing date: 08/04/2009   Hits: 270
Total 3 pages, Current page:1, Jump to page:
 
The Polycom ViewStation FX set top video system provides TV-quality video for the most demanding video communications needs. Embedded streaming capabilities let you capture and send meetings, presentations or broadcasts to anyone equipped with a Web browser. Polycom's unmatched full duplex sound and tracking technology make video meetings effortless, natural, and push-button-easy. Audio flexibility and custom application support are extensive.

A problem with the Polycom ViewStation allows some users to change configuration of the video conferencing system. A bug introduced in the Polycom ViewStation FX Release v4.2 that could allow users full access on the video conferencing system. Upon taking advantage of this vulnerability, the user could change the configuration of the video conferencing system and could change admin password and software update password.

Polycom ViewStation admin password and software update password is stored in plain text and can be revealed by viewing the source (http:///a_security.htm) of the web page.
Analysis:
An analysis for this vulnerability exists and is available below.

a_security.htm source code:

 ==================== SNIP ====================

<html>
<head>
<title>Admin Password Change</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="style1.css" type="text/css">
</head>

<body bgcolor="#FFFFFF" text="#000000" background="background1.gif" class="largetext">
<script language="JavaScript">
  var model = "VSFX4";
  var mppSelect = "Meeting";
  var mpp = "";

  function setSelected(list, value)
  {
    //list = document.forms[0].SNAPCAM
    var j;
    for(j = 0; j < list.length; j++)
    {
      if(list.options[j].value == value)
      {
        list.options[j].selected = true;
      }
      else
      {
        list.options[j].selected = false;
      }
    }
  }
</script>
<div align="center">
  <p>Security </p>
  <form method="POST" enctype="application/x-www-form-urlencoded">
    <table border="0" cellspacing="2" class="text2">

      <tr>
        <td class="text2">Meeting Password:</td>
        <td>

 
Other pages: : 1 * 2 * 3 * Next>>
Prev:Internet Explorer System Information Disclosure Next:Spectrum Cash Receipting System Weak Password Encryption

Comment:

Category: Home > System crack
Home