EUVD-2008-4853

Malware in sbrugna...

EUVD-2008-4855

Malware in sbrugna...

Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities

No description provided by source. .: Philips VOIP841 Multiple Vulnerabilities :. Luca ikki Carettoni - [email protected] Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a a Hidden Administration...

CVE-2008-4876

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

CVE-2008-4874

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4875

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. dot dot in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access ...

Cross site scripting

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

Directory traversal

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. dot dot in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access ...

Design/Logic Flaw

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4874

The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access...

CVE-2008-4876

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

CVE-2008-4875

Philips Electronics VOIP841 DECT Phone web server (firmware 1.0.4.50 and 1.0.4.80) is subject to a directory traversal vulnerability via a .. in GET requests, allowing remote authenticated users to read arbitrary files. The issue is documented as CVE-2008-4875. It is noted that this can be levera...

CVE-2008-4876

The CVE-2008-4876 entry concerns an XSS vulnerability in the web server component of Philips Electronics VOIP841 DECT Phone. Affected firmware versions 1.0.4.50 and 1.0.4.80 allow remote attackers to inject arbitrary web script or HTML via the request URL because it is not properly sanitized in t...

CVE-2008-4874

CVE-2008-4874 concerns Philips Electronics VOIP841 DECT Phone firmware 1.0.4.50 and 1.0.4.80, which allegedly contains a back door account named “service” with password “service,” enabling remote access. The incident is documented across multiple sources (NVD/CVE records) and described as a backd...

CVE-2008-4875

Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. dot dot in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access ...

Philips VOIP841 (Firmware &lt;= 1.0.4.800) Multiple Vulnerabilities

No description provided by source. .: Philips VOIP841 Multiple Vulnerabilities :. Luca "ikki" Carettoni - [email protected] Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a a Hidden Administration...

Philips VOIP841 Multiple Vulnerabilities

Secure Network - Security Research Advisory Vuln name: Philips VOIP841 Multiple Vulnerabilities Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL:...

philipsvoip-multi.txt

Secure Network - Security Research Advisory Vuln name: Philips VOIP841 Multiple Vulnerabilities Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL:...

Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits ================================================================ Philips VOIP841 Firmware alert"XSS"; HTTP/1.0 d Insecure Storage Skype credentials, web management console passwords, ... /var/jffs2/data/save.dat /tmp/apply.log 0day.today...

Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities

Philips VOIP841 Firmware 1.0.4.800 - Multiple Vulnerabilities .: Philips VOIP841 Multiple Vulnerabilities :. Luca "ikki" Carettoni - [email protected] Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 simple httpd Systems not affected: n/a...