axel vulnerabilities and exploits

7.5
CVSSv2
CVE-2005-0390

Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code....

2.1
CVSSv2
CVE-2018-12261

An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root....

7.2
CVSSv2
CVE-2018-12259

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise....

7.2
CVSSv2
CVE-2018-12323

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console....

3.3
CVSSv2
CVE-2018-10328

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream....

2.1
CVSSv2
CVE-2018-12260

An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices...

7.2
CVSSv2
CVE-2018-12258

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and...

2.1
CVSSv2
CVE-2018-12257

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the...

7.5
CVSSv2
CVE-2009-1479

Directory traversal vulnerability in client/desktop/default.htm in Boxalino before 09.05.25-0421 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter....

Boxalino
7.5
CVSSv2
CVE-2006-6726

PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter....

Inertianews