Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
axis vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2015-8257
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
Axis Network Camera Firmware -
1 EDB exploit
6.1
CVSSv3
CVE-2023-22984
A Vulnerability exists in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an malicious user to execute arbitrary JavaScript via URL.
Axis 207w Firmware -
7.2
CVSSv3
CVE-2023-51441
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: up to and including 1.3. As Axis 1 has been EOL we recommend you migrate to a different S...
Apache Axis
9.8
CVSSv3
CVE-2023-40743
** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to th...
Apache Axis
NA
CVE-2000-0191
Axis StorPoint CD allows remote malicious users to access administrator URLs without authentication via a .. (dot dot) attack.
Axis Storpoint Cd
1 EDB exploit
6.1
CVSSv3
CVE-2017-15885
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an malicious user to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.
Axis 2100 Network Camera Firmware 2.03
7.5
CVSSv3
CVE-2018-9156
An issue exists on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server ...
Axis P1354 Firmware 5.90.1.1
8.8
CVSSv3
CVE-2020-2179
Jenkins Yaml Axis Plugin 0.2.0 and previous versions does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Jenkins Yaml Axis
NA
CVE-2007-4926
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote malicious users to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
Axis 207w Camera
5.3
CVSSv3
CVE-2021-31989
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
Axis Device Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »