CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5438
https://notcve.org/view.php?id=CVE-2018-5438
20 Mar 2018 — Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information. La aplicación Philips ISCV, en ... • http://www.securityfocus.com/bid/102847 • CWE-613: Insufficient Session Expiration •
CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 0CVE-2017-14111
https://notcve.org/view.php?id=CVE-2017-14111
17 Nov 2017 — The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements. La función de inicio de sesión en la estación de trabajo en Philips IntelliSpace Cardiovascular (ISCV) en sus versiones 2.3.0 y anteriores y en Xcelera en versiones R4.1L1 y anteriores registra credenciales de autenticación de dom... • http://www.securityfocus.com/bid/101850 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14797
https://notcve.org/view.php?id=CVE-2017-14797
30 Sep 2017 — Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. La ausencia de cifrado en la capa de transporte en la API publica en Philips Hue Bridge BSB002 SW 1707040932 permite que los atacantes remotos lean claves de API (y en consecuencia omi... • https://www.tiferrei.com/philips-we-need-to-talk • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2017-3210 – Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution
https://notcve.org/view.php?id=CVE-2017-3210
26 Apr 2017 — Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. • https://packetstorm.news/files/id/142312 • CWE-16: Configuration CWE-276: Incorrect Default Permissions •
CVSS: 9.3EPSS: 94%CPEs: 11EXPL: 35CVE-2017-0199 – Microsoft Office and WordPad Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0199
12 Apr 2017 — Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8.1 permiten a at... • https://packetstorm.news/files/id/142211 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2015-2882
https://notcve.org/view.php?id=CVE-2015-2882
10 Apr 2017 — Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. Philips In.Sight B120/37 tiene una contraseña de b120root para la cuenta de root backdoor, una contraseña de /ADMIN/ para la cuenta admin backdoor, una contraseña de merlin para la cuenta backdoor mg3... • https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2883
https://notcve.org/view.php?id=CVE-2015-2883
10 Apr 2017 — Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. Philips In.Sight B120/37 tiene XSS, relacionado con el servicio web de nuve Weaved, según lo demostrado mediante el parámetro name para deviceSettings.php o shareDevice.php. • https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2884
https://notcve.org/view.php?id=CVE-2015-2884
10 Apr 2017 — Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. Philips In.Sight B120/37 permite a atacantes remotos obtener información sensible a través de una respuesta directa, relacionado con las URLs yoics.net, URIs stream.m3u8 y cam_service_enable.cgi. • http://www.securityfocus.com/bid/97683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 0CVE-2013-2808
https://notcve.org/view.php?id=CVE-2013-2808
05 Oct 2013 — Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. Desobrdamiento de búffer basado en memoria dinámica de componentes Xper en Philips Xper Information Management Ph... • http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2010-4904 – Joomla! Component Aardvertiser 2.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4904
08 Oct 2011 — SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Aardvertiser (com_aardvertiser) v2.1 y v2.1.1 para Joomla! que permite a atacantes remotos ejecutar comandos SQL a través del parámetro cat_name en una acción de index.php. • https://www.exploit-db.com/exploits/14922 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •