58 matches found
CVE-2025-3892
ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a maliciou...
CVE-2025-0359
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
CVE-2025-0359
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
CVE-2025-0359
CVE-2025-0359 concerns Axis OS/ACAP: a flaw in the ACAP Application framework allowed applications to access restricted D-Bus methods. The issue stems from insufficient access control in the framework, exposing sensitive IPC interfaces. Axis has released patched AXIS OS versions; refer to Axis se...
CVE-2025-0359
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
CVE-2025-0359
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please...
AXIS OS Command Injection Vulnerability (Oct 2023)
AXIS OS is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:axis:axisos"; if descripti...
CVE-2023-21413
The CVE-2023-21413 vulnerability affects Axis OS on Axis devices, where the ACAP application installation process is vulnerable to command injection in the application handling service. This enables remote code execution (RCE) if an attacker can leverage the installation flow. Public risk scores ...
CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...
CVE-2023-21413 Remote code execution vulnerability during the installation of ACAP applications on the Axis device
GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has release...
AXIS OS Command Injection Vulnerability
AXIS Os is an edge device operating system from Axis of Sweden. A security vulnerability exists in AXIS OS versions 10.11 through 11.5 that originates from allowing remote code execution during installation of the ACAP application on an Axis device...
CVE-2023-21409 Insufficient file permissions leak administrator-privileged credentials in AXIS License Verifier ACAP
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application...
CVE-2023-21407 Privilege escalation in AXIS License Plate Verifier ACAP
A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges...
CVE-2023-21407 Privilege escalation in AXIS License Plate Verifier ACAP
A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges...
Striptls - Proxy POC Implementation Of STARTTLS Stripping Attacks
poc implementation of STARTTLS stripping attacks SMTP SMTP.StripFromCapabilities - server response capability patch SMTP.StripWithInvalidResponseCode - client STARTTLS stripping, invalid response code SMTP.UntrustedIntercept - STARTTLS interception client and server talking ssl requires server.pe...
ACAP Cleartext Authentication
The remote Automated Content Access Protocol ACAP service supports one or more authentication mechanisms that allow credentials to be sent in the clear. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid87732; scriptversion"$Revision: 1.1 $"; scriptcvsdate"$Date:...
ACAP Service STARTTLS Plaintext Command Injection
The remote ACAP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker t...
ACAP Service STARTTLS Command Support
The remote ACAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42084; scriptversion"$Revision: 1.9 $"; scriptcvsdate"$Date: 2017/06/15 21:59:54 $";...