Lucene search

18 matches found

Positive Technologies
added 2019/03/17 12:0 a.m. · 3 views

PT-2019-18568 · Systrome · Systrome Cumilon

Name of the Vulnerable Software and Affected Versions: Systrome Cumilon devices with firmware V1.1-R2.1 TRUNK-20181105.bin Description: A shell command injection issue occurs when editing the description of an ISP file due to improper validation of user input in the file network/isp/isp update...

CVSS 7.8 · AI score 7.7 · EPSS 0.00306
Exploits: 3 · References: 6

OSV
added 2018/09/26 7:29 p.m. · 2 views

CVE-2018-8852

Philips e-Alert Unit non-medical device, Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 3

NVD
added 2018/09/26 7:29 p.m. · 8 views

CVE-2018-8846

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users...

CVSS 6.1 · AI score 6.2 · EPSS 0.00345
Exploits: 0 · References: 3

OSV
added 2018/09/26 7:29 p.m. · 2 views

CVE-2018-8844

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 3

OSV
added 2018/09/26 7:29 p.m. · 1 view

CVE-2018-8848

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor...

CVSS 7.5 · AI score 5.8 · EPSS 0.00565
Exploits: 0 · References: 3

OSV
added 2018/09/26 7:29 p.m. · 0 views

CVE-2018-8846

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users...

CVSS 6.1 · AI score 5.8 · EPSS 0.00345
Exploits: 0 · References: 3

Prion
added 2018/09/26 7:29 p.m. · 9 views

Code injection

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor...

CVSS 5 · AI score 7.9 · EPSS 0.00565
Exploits: 0 · References: 3 · Affected Software: 1

ATTACKERKB
added 2018/09/26 7:29 p.m. · 1 view

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVSS 9.8 · AI score 5.4 · EPSS 0.00366
Exploits: 0 · References: 4

Prion
added 2018/09/26 7:29 p.m. · 8 views

Code injection

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended...

CVSS 5 · AI score 7.8 · EPSS 0.01345
Exploits: 0 · References: 3 · Affected Software: 1

ATTACKERKB
added 2018/09/26 7:29 p.m. · 2 views

CVE-2018-8852

Philips e-Alert Unit non-medical device, Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier...

CVSS 8.8 · AI score 5.5 · EPSS 0.00635
Exploits: 0 · References: 4

Cvelist
added 2018/09/26 7:0 p.m. · 9 views

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

AI score 9.4 · EPSS 0.00366
Exploits: 0 · References: 3

Cvelist
added 2018/09/26 7:0 p.m. · 10 views

CVE-2018-8848

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor...

AI score 7.5 · EPSS 0.00565
Exploits: 0 · References: 3

Cvelist
added 2018/09/26 7:0 p.m. · 8 views

CVE-2018-8854

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended...

AI score 7.4 · EPSS 0.01345
Exploits: 0 · References: 3

Cvelist
added 2018/09/26 7:0 p.m. · 10 views

CVE-2018-8842

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...

AI score 8.2 · EPSS 0.00413
Exploits: 0 · References: 3

CVE
added 2018/09/26 7:0 p.m. · 43 views

CVE-2018-14803

Philips e-Alert Unit (non-medical device), Version R2.1 and prior, is affected by CVE-2018-14803 which describes an information-disclosure vulnerability: an attacker could obtain extraneous product information (e.g., OS/software components) via HTTP response headers that are normally not exposed....

CVSS 5.3 · AI score 4.8 · EPSS 0.00362
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2018/09/26 7:0 p.m. · 37 views

CVE-2018-8850

Philips e-Alert Unit (non‑medical) Version R2.1 and prior is affected by CVE-2018-8850 due to improper input validation (CWE-20), which can cause unintended input, altered control flow, or arbitrary code execution. The vulnerability is documented with high to critical impact (NVD CVSS v3 base 9.8...

CVSS 9.8 · AI score 9.4 · EPSS 0.02264
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2018/09/05 12:0 a.m. · 1 view

Philips e-Alert Cross-Site Request Forgery Vulnerability

Philips e-Alert is an electronic alert solution for MRI systems from Philips in the Netherlands, which is used to monitor and alert on MRI system performance. A cross-site request forgery vulnerability exists in Philips e-Alert R2.1 and prior versions. An attacker could exploit this vulnerability...

CVSS 8.8 · AI score 8.8 · EPSS 0.00149
Exploits: 0 · References: 1

seebug.org
added 2008/04/15 12:0 a.m. · 24 views

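OmniPCX Office Remote Information Disclosure Vulnerability

BUGTRAQ ID: 28758 CVECAN ID: CVE-2008-1331 Alcatel's OmniPCX Office is a unified communications solution designed for small and medium-sized enterprises. A CGI script used by the Internet Access service of OmniPCX Office does not properly filter certain specific parameters, allowing remote attackers to retrieve sensitive information from the Internet. Alcatel-Lucent OmniPCX Office = 210/061.1 Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends that you take the following measures to reduce the threat: Disable WBM/WCA access from the Internet. For versions R2.1 to R4.1:...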

CVSS 10 · AI score 6.4 · EPSS 0.58502
Exploits: 1