Back to search
CVE-2004-2426
Published: Aug 18, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
9122
vdb-entry
x_refsource_OSVDB
axis-directory-traversal(17079)
vdb-entry
x_refsource_XF
11011
vdb-entry
x_refsource_BID
20040831 Axis Network Camera and Video Server Security Advisory
mailing-list
x_refsource_FULLDISC
12353
third-party-advisory
x_refsource_SECUNIA
20040822 [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers
mailing-list
x_refsource_FULLDISC
1011056
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now