Paul Haas

7 exploits Active since Apr 2006
CVE-2025-34093 EXPLOITDB HIGH ruby WORKING POC
Polycom HDX Series - Command Injection
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.
CVE-2012-6611 EXPLOITDB CRITICAL ruby WORKING POC
Polycom HDX System Software < 3.0.5 - Use of Hard-coded Credentials
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
CVSS 9.8
CVE-2012-6610 METASPLOIT HIGH ruby WORKING POC
Polycom HDX Video End Points < 3.0.4 and UC APL < 2.7.1.j - Authenticated OS Command Injection via Ping Command
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.
CVSS 8.8
CVE-2025-34093 METASPLOIT HIGH ruby WORKING POC
Polycom HDX Series - Command Injection
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.
EIP-2026-119233 EXPLOITDB python WORKING POC
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Remote Buffer Overflow
CVE-2006-1652 EXPLOITDB python WORKING POC
UltraVNC and tabbed_viewer - Buffer Overflow via Long String on TCP Port 5900
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
EIP-2026-114801 EXPLOITDB ruby WORKING POC
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)