CVE-2006-2490
CVE-2006-2490
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
Affected products
n/a · n/apublic PoCs found — 3
exploitdbwww.exploit-db.com/exploits/27894unverifiedexploitdbwww.exploit-db.com/exploits/27893unverifiedexploitdbwww.exploit-db.com/exploits/27892unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/20151http://securityreason.com/securityalert/929http://securitytracker.com/id?1016128https://exchange.xforce.ibmcloud.com/vulnerabilities/26538http://www.attrition.org/pipermail/vim/2006-August/000980.htmlhttp://www.eazel.es/media/advisory001.htmlhttp://www.osvdb.org/25621http://www.osvdb.org/25622http://www.osvdb.org/25623http://www.securityfocus.com/archive/1/434289/100/0/threadedhttp://www.securityfocus.com/archive/1/444018/100/0/threadedhttp://www.securityfocus.com/bid/18022