iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.

iBaby M3S has a password of admin for the backdoor admin account.

Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.

Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.

Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.

Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.