CVE-2015-2882
https://notcve.org/view.php?id=CVE-2015-2882
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. • https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors • CWE-798: Use of Hard-coded Credentials
CVE-2013-2808
https://notcve.org/view.php?id=CVE-2013-2808
Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. • http://ics-cert.us-cert.gov/advisories/ICSA-13-277-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4904 – Joomla! Component Aardvertiser 2.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-4904
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/14922 http://secunia.com/advisories/41293 http://www.exploit-db.com/exploits/14922 http://www.securityfocus.com/bid/43014 http://www.vupen.com/english/advisories/2010/2310 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-3028
https://notcve.org/view.php?id=CVE-2010-3028
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. • http://secunia.com/advisories/40882 http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365 http://www.osvdb.org/66924 http://www.securityfocus.com/bid/42239 https://exchange.xforce.ibmcloud.com/vulnerabilities/60927 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-4874 – Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-4874
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access. • https://www.exploit-db.com/exploits/5113 http://archives.neohapsis.com/archives/bugtraq/2008-02/0227.html http://osvdb.org/42940 http://secunia.com/advisories/28978 http://securityreason.com/securityalert/4536 http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt http://www.securityfocus.com/archive/1/488127/100/200/threaded http://www.securityfocus.com/bid/27790 http://www.vupen.com/english/advisories/2008/0583 • CWE-255: Credentials Management Errors