Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
axis vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-9156
An issue exists on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server ...
Axis P1354 Firmware 5.90.1.1
8.8
CVSSv3
CVE-2020-2179
Jenkins Yaml Axis Plugin 0.2.0 and previous versions does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Jenkins Yaml Axis
6.1
CVSSv3
CVE-2017-12413
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
Axis 2100 Network Camera Firmware 2.43
8.8
CVSSv3
CVE-2023-21407
A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges.
Axis License Plate Verifier
9.8
CVSSv3
CVE-2023-21409
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application.
Axis License Plate Verifier
8.8
CVSSv3
CVE-2023-21410
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.
Axis License Plate Verifier
8.8
CVSSv3
CVE-2023-21411
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.
Axis License Plate Verifier
8.8
CVSSv3
CVE-2023-21412
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.
Axis License Plate Verifier
NA
CVE-2007-4928
The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.
Axis 207w Network Camera
NA
CVE-2007-4930
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote malicious users to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) ...
Axis 207w Network Camera
3 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »