Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
axis vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2015-8257
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
Axis Network Camera Firmware -
1 EDB exploit
NA
CVE-2023-51441
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: up to and including 1.3. As Axis 1 has been EOL we recommend you migrate to a different S...
Apache Axis
NA
CVE-2023-22984
A Vulnerability exists in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an malicious user to execute arbitrary JavaScript via URL.
Axis 207w Firmware -
NA
CVE-2023-40743
** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to th...
Apache Axis
3.5
CVSSv2
CVE-2021-31989
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
Axis Device Manager
9.3
CVSSv2
CVE-2007-4926
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote malicious users to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
Axis 207w Camera
4.3
CVSSv2
CVE-2017-15885
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an malicious user to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.
Axis 2100 Network Camera Firmware 2.03
10
CVSSv2
CVE-2000-0191
Axis StorPoint CD allows remote malicious users to access administrator URLs without authentication via a .. (dot dot) attack.
Axis Storpoint Cd
1 EDB exploit
7.6
CVSSv2
CVE-2018-9156
An issue exists on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server ...
Axis P1354 Firmware 5.90.1.1
5
CVSSv2
CVE-2007-2353
Apache Axis 1.0 allows remote malicious users to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
Apache Axis 1.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »