Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
axis vulnerabilities and exploits
(subscribe to this query)
676
VMScore
CVE-2018-9156
An issue exists on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server ...
Axis P1354 Firmware 5.90.1.1
828
VMScore
CVE-2007-4926
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote malicious users to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
Axis 207w Camera
1000
VMScore
CVE-2000-0191
Axis StorPoint CD allows remote malicious users to access administrator URLs without authentication via a .. (dot dot) attack.
Axis Storpoint Cd
1 EDB exploit
383
VMScore
CVE-2007-5214
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstra...
Axis 2100 Network Camera
NA
CVE-2023-21407
A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges.
Axis License Plate Verifier
NA
CVE-2023-21408
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.
Axis License Plate Verifier
NA
CVE-2023-21409
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application.
Axis License Plate Verifier
NA
CVE-2023-21410
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.
Axis License Plate Verifier
NA
CVE-2023-21411
User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.
Axis License Plate Verifier
NA
CVE-2023-21412
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.
Axis License Plate Verifier
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »