| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 28 Sep 2007 11:21:53 -0000 From: research@...checkup.com To: bugtraq@...urityfocus.com Subject: Owning Big Brother: How to Crack into Axis IP cameras The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever! In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43): System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design! Non-persistent Cross-site Scripting (XSS) on 404 error pages Persistent cross-site Scripting (XSS) on the network settings page Persistent cross-site Scripting (XSS) on the video viewing page Persistent cross-site Scripting (XSS) on the logs viewing facility For more info please see: http://www.procheckup.com/Vulnerability_2007.php
Powered by blists - more mailing lists