3 matches found
CVE-2023-5800
Vintage,member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgidid not have a sufficient input validation allowing for a possible remote codeexecution. This flaw can only be exploited after authenticating with anoperator- or administrator-privileged service account...
CVE-2021-31988
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
CVE-2023-21415
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has re...