MidnightBSD

Advisories for vsecurity

CVE-2009-4509 HIGH

The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
vsecurity tandberg_video_communication_server x3.0.0
vsecurity tandberg_video_communication_server x4.2.0
vsecurity tandberg_video_communication_server x1.2.0
vsecurity tandberg_video_communication_server x1.1.0
vsecurity tandberg_video_communication_server x3.1.0
vsecurity tandberg_video_communication_server x1.0.0
vsecurity tandberg_video_communication_server x2.1.0
vsecurity tandberg_video_communication_server *
vsecurity tandberg_video_communication_server x2.0.0
vsecurity tandberg_video_communication_server x4.1.0
CVE-2009-4510 HIGH

The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
vsecurity tandberg_video_communication_server x3.0.0
vsecurity tandberg_video_communication_server x4.2.0
vsecurity tandberg_video_communication_server x3.1.0
vsecurity tandberg_video_communication_server x4.2.1
vsecurity tandberg_video_communication_server x2.1.0
vsecurity tandberg_video_communication_server x2.0.0
vsecurity tandberg_video_communication_server x1.2.0
vsecurity tandberg_video_communication_server x1.1.0
vsecurity tandberg_video_communication_server x4.3.0
vsecurity tandberg_video_communication_server x1.0.0
vsecurity tandberg_video_communication_server *
vsecurity tandberg_video_communication_server x4.1.0
CVE-2009-4511 MEDIUM

Multiple directory traversal vulnerabilities in the web administration interface on the TANDBERG Video Communication Server (VCS) before X5.1 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to (1) helppage.php or (2) user/helppage.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
vsecurity tandberg_video_communication_server x3.0.0
vsecurity tandberg_video_communication_server x4.2.0
vsecurity tandberg_video_communication_server x1.2.0
vsecurity tandberg_video_communication_server x1.1.0
vsecurity tandberg_video_communication_server x3.1.0
vsecurity tandberg_video_communication_server x4.2.1
vsecurity tandberg_video_communication_server x1.0.0
vsecurity tandberg_video_communication_server x2.1.0
vsecurity tandberg_video_communication_server *
vsecurity tandberg_video_communication_server x2.0.0
vsecurity tandberg_video_communication_server x4.1.0
CVE-2010-1355 MEDIUM

Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
vsecurity tandberg_video_communication_server x3.0.0
vsecurity tandberg_video_communication_server x4.2.0
vsecurity tandberg_video_communication_server x1.2.0
vsecurity tandberg_video_communication_server x1.1.0
vsecurity tandberg_video_communication_server x3.1.0
vsecurity tandberg_video_communication_server x4.2.1
vsecurity tandberg_video_communication_server x1.0.0
vsecurity tandberg_video_communication_server x2.1.0
vsecurity tandberg_video_communication_server *
vsecurity tandberg_video_communication_server x2.0.0
vsecurity tandberg_video_communication_server x4.1.0
CVE-2010-1356 HIGH

Unspecified vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to execute arbitrary code via unknown vectors, aka Reference ID 69773.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
vsecurity tandberg_video_communication_server x3.0.0
vsecurity tandberg_video_communication_server x4.2.0
vsecurity tandberg_video_communication_server x1.2.0
vsecurity tandberg_video_communication_server x1.1.0
vsecurity tandberg_video_communication_server x3.1.0
vsecurity tandberg_video_communication_server x4.2.1
vsecurity tandberg_video_communication_server x1.0.0
vsecurity tandberg_video_communication_server x2.1.0
vsecurity tandberg_video_communication_server *
vsecurity tandberg_video_communication_server x2.0.0
vsecurity tandberg_video_communication_server x4.1.0