CVE-2018-5464
https://notcve.org/view.php?id=CVE-2018-5464
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad de certificado SSL inseguro. Esto podría permitir a un atacante obtener acceso no autorizado a recursos e información. • http://www.securityfocus.com/bid/103182 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVE-2018-5468
https://notcve.org/view.php?id=CVE-2018-5468
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code Philips IntelliSpace Portal, en todas las versiones 7.0.x y 8.0.x, contiene una vulnerabilidad de acceso remoto al escritorio que podría permitir a un atacante obtener acceso no autorizado y, en algunos casos, escalar su nivel de privilegios o ejecutar código arbitrario. • http://www.securityfocus.com/bid/103182 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2018-5472
https://notcve.org/view.php?id=CVE-2018-5472
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. Philips IntelliSpace Portal, en todas las versiones 7.0.x y 8.0.x, contiene una vulnerabilidad de permisos de Windows inseguros que podría permitir a un atacante obtener acceso no autorizado y, en algunos casos, escalar su nivel de privilegios o ejecutar código arbitrario. • http://www.securityfocus.com/bid/103182 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2018-5466
https://notcve.org/view.php?id=CVE-2018-5466
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad de certificado SSL autofirmado. Esto podría permitir a un atacante obtener acceso no autorizado a recursos e información. • http://www.securityfocus.com/bid/103182 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVE-2017-0199 – Microsoft Office and WordPad Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0199
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 y Windows 8.1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como "Microsoft Office DLL Loading Vulnerability". Microsoft Excel contains a remote code execution vulnerability upon processing OLE objects. Versions 2007, 2010, 2013, and 2016 are affected on both architectures. Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. • https://www.exploit-db.com/exploits/42995 https://www.exploit-db.com/exploits/41934 https://www.exploit-db.com/exploits/41894 https://github.com/bhdresh/CVE-2017-0199 https://github.com/haibara3839/CVE-2017-0199-master https://github.com/Exploit-install/CVE-2017-0199 https://github.com/NotAwful/CVE-2017-0199-Fix https://github.com/n1shant-sinha/CVE-2017-0199 https://github.com/Sunqiz/CVE-2017-0199-reprofuction https://github.com/herbiezimmerman/2017-11-17-Maldoc-Using- •