CVE-2013-3543 – AXIS Media Control 6.2.10.11 - Unsafe ActiveX Method
https://notcve.org/view.php?id=CVE-2013-3543
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
• https://www.exploit-db.com/exploits/26173
• http://seclists.org/fulldisclosure/2013/Jun/84
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-5261 – Axis M10 Series Network Cameras - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5261
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
• https://www.exploit-db.com/exploits/36428
• http://metzgersecurity.blogspot.com/2011/11/xss-vulnerability-axis-m10-series.html
• http://osvdb.org/77395
• http://secunia.com/advisories/47037
• http://www.securityfocus.com/bid/50968
• https://exchange.xforce.ibmcloud.com/vulnerabilities/71687
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-5260
https://notcve.org/view.php?id=CVE-2008-5260
Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value.
• http://osvdb.org/51532
• http://secunia.com/advisories/33444
• http://secunia.com/secunia_research/2008-58
• http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf
• http://www.securityfocus.com/archive/1/500334/100/0/threaded
• http://www.securityfocus.com/bid/33408
• http://www.vupen.com/english/advisories/2009/0228
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48176
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5213
https://notcve.org/view.php?id=CVE-2007-5213
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
• http://osvdb.org/39490
• http://osvdb.org/39491
• http://securityreason.com/securityalert/3188
• http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
• http://www.securityfocus.com/archive/1/480995/100/0/threaded
• http://www.securityfocus.com/bid/25837
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2007-5214
https://notcve.org/view.php?id=CVE-2007-5214
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
• http://osvdb.org/39492
• http://osvdb.org/39493
• http://osvdb.org/39494
• http://osvdb.org/39495
• http://securityreason.com/securityalert/3188
• http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
• http://www.securityfocus.com/archive/1/480995/100/0/threaded
• http://www.securityfocus.com/bid/25837
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36840
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36841
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36842
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')