cbcvebase.

Vsecurity Tandberg Video Communication Server vulnerabilities

5 known vulnerabilities affecting vsecurity/tandberg_video_communication_server.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2009-4509P3CRITICALCVSS 10.0≤ x4.2.1vx1.0.0+8 more2010-04-13
CVE-2009-4509 [CRITICAL] CWE-94 CVE-2009-4509: The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses pre The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Co
nvd
CVE-2010-1356P3CRITICALCVSS 10.0≤ x4.3.0vx1.0.0+9 more2010-04-13
CVE-2010-1356 [CRITICAL] CVE-2010-1356: Unspecified vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote Unspecified vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to execute arbitrary code via unknown vectors, aka Reference ID 69773.
nvd
CVE-2009-4511P4MEDIUMCVSS 4.0PoC≤ x4.3.0vx1.0.0+9 more2010-04-13
CVE-2009-4511 [MEDIUM] CWE-200 CVE-2009-4511: Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Vid Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php.
nvd
CVE-2009-4510P3HIGHCVSS 8.5≤ x5.0.0vx1.0.0+10 more2010-04-13
CVE-2009-4510 [HIGH] CWE-310 CVE-2009-4510: The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, w The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets.
nvd
CVE-2010-1355P4MEDIUMCVSS 4.3≤ x4.3.0vx1.0.0+9 more2010-04-13
CVE-2010-1355 [MEDIUM] CWE-79 CVE-2010-1355: Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5. Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316.
nvd
Vsecurity Tandberg Video Communication Server vulnerabilities | cvebase