Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers
From: bashis <mcw@xxxxxx>
Date: Tue, 24 Aug 2004 05:53:25 +0200 (CEST)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: mcw@xxxxxx

 
 > password issues known to exist..
 Yes.
 
 > http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&safe=off&q=axis+camera+exploit
 >
 > http://www.google.com/search?hl=en&lr=&ie=UTF-8&newwindow=1&safe=off&q=axis+camera+vulnerability
 > 
 > or...
 > http://www2.corest.com/common/showdoc.php?idx=329&idxseccion=10
 > http://www.securityfocus.com/bid/3640/exploit/
 Not the same stuff..
 
 'axis-wh00t.sh' adding a new user 'wh00t' with password 'wh00t' with Admin
 priviliges, as anonymous viewer. No matter what password root have.
 
 Read it, try it, understand it, before useless postings..
 
 > >To: security@xxxxxxxx
 > >Date: Mon, 16 Aug 2004 22:48:38 +0200 (CEST)
 > 
 > try the contact page?
 > http://www.axis.com/corporate/contact.htm
 
 No mailer-daemon received on 'security@xxxxxxxx' post.
 
 Have a nice day
 /bashis

Prev by Date: Broadcast forced exit in Ground Control II 1.0.0.7
Next by Date: [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib)
Previous by thread: Broadcast forced exit in Ground Control II 1.0.0.7
Next by thread: [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib)
Index(es):
- Date
- Thread