iBaby M3S has a password of admin for the backdoor admin account.
CVE-2015-6027
Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.
CVE-2015-6028
Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.
CVE-2015-6021
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.
CVE-2015-7260
Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.
CVE-2015-7263
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.
CVE-2015-6035
Opsview before 2015-11-06 has XSS via SNMP.
CVE-2015-7265
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.
CVE-2015-7270
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.
CVE-2015-7264
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.