72 matches found
CVE-2013-3543
The AXIS Media Control AMC ActiveX control AxisMediaControlEmb.dll 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the 1 StartRecord, 2 SaveCurrentImage, or 3 StartRecordMedia methods...
CVE-2013-3543
The AXIS Media Control AMC ActiveX control AxisMediaControlEmb.dll 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the 1 StartRecord, 2 SaveCurrentImage, or 3 StartRecordMedia methods...
SOL3568 - DNS denial of service vulnerability - CAN-2004-0789
Vulnerability description and product information: Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to caus...
CVE-2004-0789
Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service CPU and network bandwidth...
CVE-2004-2426
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. dot dot in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying...
CVE-2004-2426
Axis Network Camera 2.40 and earlier and Axis Video Server 3.12 and earlier are affected by a directory-traversal vulnerability that lets remote attackers bypass authentication by using a .. sequence in an HTTP POST to ServerManager.srv and then perform privileged actions such as modifying files ...
CVE-2004-2427
CVE-2004-2427 affects Axis Network Camera (versions 2.40 and earlier) and Axis Video Server (versions 3.12 and earlier). The vulnerability enables unauthenticated remote access to sensitive information via direct requests to admin/getparam.cgi, admin/systemlog.cgi, admin/serverreport.cgi, and adm...
CVE-2001-1543
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera...
CVE-2001-1543
Axis Network Camera models 2120, 2110, 2100, 200+ and 200 are affected by CVE-2001-1543 due to a default administrator password. This root cause allows remote attackers to gain access using the credentials pass. Impact stated across multiple sources is unauthorized access to the camera. No explic...
CVE-2004-2427
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to 1 admin/getparam.cgi, 2 admin/systemlog.cgi, 3 admin/serverreport.cgi, and 4 admin/paramlist.cgi, modify system information via 5 setparam.cgi an...
CVE-2004-2425
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent and possibly other shell metacharacters in the query string to virtualinput.cgi...
CVE-2004-0789
Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service CPU and network bandwidth...
CVE-2004-2426
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. dot dot in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying...
Axis Network Camera and Video Server Security Advisory
Topic Security issues have been identified that allows an attacker to compromise Axis Network Cameras, Video Servers, Serial Servers and Network Digital Video Recorders. 2. Description The first issue allows arbitrary shell command execution via HTTP requests due to erroneous shell command and...
[PoC] Nasty bug(s) found in Axis Network Camera/Video Servers
/ Public disclosure due lack of responce from Axis Communications / I have found a couple of bugs in Axis Network Camera/Video Servers. I have all Axis stuff in one e-mail, instead of multiple, lazy me.. ; Vulnerable: Axis 2100/2110/2120/2420/2130 Network Camera, 2400/2401 Video Server. There may...
axisFlaws.txt
/ Public disclosure due lack of responce from Axis Communications / I have found a couple of bugs in Axis Network Camera/Video Servers. I have all Axis stuff in one e-mail, instead of multiple, lazy me.. ; Vulnerable: Axis 2100/2110/2120/2420/2130 Network Camera, 2400/2401 Video Server. There may...
Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution
Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/11011/info 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Othe...
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal
source: https://www.securityfocus.com/bid/11011/info A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authentication checks and gives anonymous users remote adminitration of the...
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/11011/info 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks. This issue is reported to...
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal source: https://www.securityfocus.com/bid/11011/info A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authenticatio...