EUVD-2008-4854

Malware in sbrugna...

EUVD-2008-4855

Malware in sbrugna...

uIP and lwIP DNS resolver vulnerable to cache poisoning

Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs TXIDs and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883The DNS resolver implemented in all versions of uIP, as well as lwIP...

Philips Electronics got hacked, Database Stolen by Hackers

Philips Electronics got hacked, Database Stolen by Hackers Another big site got hacked today, its Philips Electronics - had revenues of €25.42 billion in 2010, making it one of the largest electronics companies in the world. It employs around 114,500 people across more than 60 countries. The defa...

CVE-2008-4874

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

Cross site scripting

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

Directory traversal

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. dot dot in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access ...

Design/Logic Flaw

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4874

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4876

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

CVE-2008-4876

The CVE-2008-4876 entry concerns an XSS vulnerability in the web server component of Philips Electronics VOIP841 DECT Phone. Affected firmware versions 1.0.4.50 and 1.0.4.80 allow remote attackers to inject arbitrary web script or HTML via the request URL because it is not properly sanitized in t...

CVE-2008-4874

CVE-2008-4874 concerns Philips Electronics VOIP841 DECT Phone firmware 1.0.4.50 and 1.0.4.80, which allegedly contains a back door account named “service” with password “service,” enabling remote access. The incident is documented across multiple sources (NVD/CVE records) and described as a backd...