Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
axis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0054
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlig...
NA
CVE-2024-0055
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refe...
NA
CVE-2022-34269
An issue exists in RWS WorldServer prior to 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.
8.8
CVSSv3
CVE-2023-5800
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-pri...
Axis Axis Os
Axis Axis Os 2022
Axis Axis Os 2020
8.8
CVSSv3
CVE-2023-5677
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service a...
Axis M3024-lve Firmware
Axis M3025-ve Firmware
Axis M7014 Firmware
Axis M7016 Firmware
Axis P1214-e Firmware
Axis P7214 Firmware
Axis P7216 Firmware
Axis Q7401 Firmware
Axis Q7404 Firmware
Axis Q7414 Firmware
Axis Q7424-r Mk Ii Firmware
4.3
CVSSv3
CVE-2024-23900
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and previous versions does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with...
Jenkins Matrix Project
7.2
CVSSv3
CVE-2023-51441
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: up to and including 1.3. As Axis 1 has been EOL we recommend you migrate to a different S...
Apache Axis
6.5
CVSSv3
CVE-2023-21416
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an malicious user to block access to the overlay configuration page in the web interface of the Axis device. This flaw...
Axis Axis Os
Axis Axis Os 2022
7.1
CVSSv3
CVE-2023-21417
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- priv...
Axis Axis Os
Axis Axis Os 2022
Axis Axis Os 2020
7.1
CVSSv3
CVE-2023-21418
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service ac...
Axis Axis Os 2018
Axis Axis Os
Axis Axis Os 2022
Axis Axis Os 2020
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »