Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
philips vulnerabilities and exploits
(subscribe to this query)
2.7
CVSSv2
CVE-2020-16218
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to un...
Philips Patient Information Center Ix B.02
Philips Patient Information Center Ix C.02
Philips Patient Information Center Ix C.03
5.8
CVSSv2
CVE-2020-16214
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is...
Philips Patient Information Center Ix B.02
Philips Patient Information Center Ix C.02
Philips Patient Information Center Ix C.03
2.1
CVSSv2
CVE-2021-43552
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.
Philips Patient Information Center Ix B.02
Philips Patient Information Center Ix C.02
Philips Patient Information Center Ix C.03
5
CVSSv2
CVE-2008-4874
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote malicious users to obtain access.
Philips Electronics Voip841 Dect Phone 1.0.4.50
Philips Electronics Voip841 Dect Phone 1.0.4.48
1 EDB exploit
6.8
CVSSv2
CVE-2008-4875
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unau...
Philips Electronics Voip841 Dect Phone 1.0.4.50
Philips Electronics Voip841 Dect Phone 1.0.4.48
1 EDB exploit
4.3
CVSSv2
CVE-2008-4876
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote malicious users to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web ...
Philips Electronics Voip841 Dect Phone 1.0.4.50
Philips Electronics Voip841 Dect Phone 1.0.4.48
1 EDB exploit
6.9
CVSSv2
CVE-2020-7360
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in versio...
Philips Smartcontrol
5
CVSSv2
CVE-2020-14518
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
Philips Dreammapper
NA
CVE-2018-8863
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
Philips Encoreanywhere
7.5
CVSSv2
CVE-2018-5451
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly pr...
Philips Alice 6 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »