Message-ID: <20070928112153.9772.qmail@securityfocus.com>
Date: 28 Sep 2007 11:21:53 -0000
From: research@...checkup.com
To: bugtraq@...urityfocus.com
Subject: Owning Big Brother: How to Crack into Axis IP cameras

The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-). Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!

In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43): 

  System-wide Cross-site Request Forgeries (CSRF) – any admin action can be forged by design!
  Non-persistent Cross-site Scripting (XSS) on 404 error pages
  Persistent Cross-site Scripting (XSS) on the network settings page
  Persistent Cross-site Scripting (XSS) on the video viewing page
  Persistent Cross-site Scripting (XSS) on the logs viewing facility

For more info please see: http://www.procheckup.com/Vulnerability_2007.php
