Lucene search
+L

58 matches found

Vulnrichment
Vulnrichment
added 2025/08/12 5:14 a.m.5 views

CVE-2025-3892

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a maliciou...

6.7CVSS7.1AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/06 5:45 a.m.15 views

CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

8.5CVSS6.9AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2025/03/04 6:15 a.m.17 views

CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

8.5CVSS0.00132EPSS
Exploits0References1
CVE
CVE
added 2025/03/04 5:21 a.m.64 views

CVE-2025-0359

CVE-2025-0359 concerns Axis OS/ACAP: a flaw in the ACAP Application framework allowed applications to access restricted D-Bus methods. The issue stems from insufficient access control in the framework, exposing sensitive IPC interfaces. Axis has released patched AXIS OS versions; refer to Axis se...

8.5CVSS8.4AI score0.00132EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/03/04 5:21 a.m.6 views

CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

8.5CVSS8.4AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 5:21 a.m.22 views

CVE-2025-0359

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...

8.5CVSS0.00132EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/10/20 12:0 a.m.18 views

AXIS OS Command Injection Vulnerability (Oct 2023)

AXIS OS is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:axis:axisos"; if descripti...

9.1CVSS7.6AI score0.01236EPSS
Exploits0References1
CVE
CVE
added 2023/10/16 6:8 a.m.45 views

CVE-2023-21413

The CVE-2023-21413 vulnerability affects Axis OS on Axis devices, where the ACAP application installation process is vulnerable to command injection in the application handling service. This enables remote code execution (RCE) if an attacker can leverage the installation flow. Public risk scores ...

9.1CVSS8.2AI score0.01236EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/16 6:8 a.m.20 views

CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS10AI score0.01236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/16 6:8 a.m.17 views

CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device

GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...

9.1CVSS8.9AI score0.01236EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.6 views

AXIS OS Command Injection Vulnerability

AXIS Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in AXIS OS versions 10.11 through 11.5 that originates from allowing remote code execution during installation of the ACAP application on an Axis device...

9.1CVSS8.1AI score0.01236EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/03 6:48 a.m.28 views

CVE-2023-21409 Insufficient file permissions leak administrator-privileged credentials in AXIS License Verifier ACAP

Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application...

8.4CVSS9.7AI score0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/03 6:40 a.m.21 views

CVE-2023-21407 Privilege escalation in AXIS License Plate Verifier ACAP

A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges...

8.8CVSS9AI score0.00553EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/03 6:40 a.m.12 views

CVE-2023-21407 Privilege escalation in AXIS License Plate Verifier ACAP

A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges...

8.8CVSS7.2AI score0.00553EPSS
Exploits0References1
Kitploit
Kitploit
added 2016/03/12 7:23 p.m.47 views

Striptls - Proxy POC Implementation Of STARTTLS Stripping Attacks

poc implementation of STARTTLS stripping attacks SMTP SMTP.StripFromCapabilities - server response capability patch SMTP.StripWithInvalidResponseCode - client STARTTLS stripping, invalid response code SMTP.UntrustedIntercept - STARTTLS interception client and server talking ssl requires server.pe...

7.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/01/05 12:0 a.m.61 views

ACAP Cleartext Authentication

The remote Automated Content Access Protocol ACAP service supports one or more authentication mechanisms that allow credentials to be sent in the clear. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid87732; scriptversion"$Revision: 1.1 $"; scriptcvsdate"$Date:...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/05/27 12:0 a.m.27 views

ACAP Service STARTTLS Plaintext Command Injection

The remote ACAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker t...

5.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/10/09 12:0 a.m.32 views

ACAP Service STARTTLS Command Support

The remote ACAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42084; scriptversion"$Revision: 1.9 $"; scriptcvsdate"$Date: 2017/06/15 21:59:54 $";...

5.6AI score
Exploits0References2
Rows per page
Query Builder