Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-2490
Last Modified: 13 Sep 2011 12:00:00
Published: 19 May 2006 07:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.

Vulnerable Systems

Application

  • Mobotix IP Network Camera D10

  • Mobotix IP Network Camera M1 1.9.4.7

  • Mobotix IP Network Camera M10 2.0.5.2

  • Mobotix IP Network Camera M22


References

XF - mobotix-multiple-xss(26538)

SECUNIA - 20151

VUPEN - ADV-2006-1857

BID - 18022

BUGTRAQ - 20060822 Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug

BUGTRAQ - 20060517 Mobotix IP Network Cameras Multiple XSS

OSVDB - 25623

OSVDB - 25622

OSVDB - 25621

MISC - http://www.eazel.es/media/advisory001.html

VIM - 20060821 CVE-2006-2490 (Mobotix) vendor ACK

SECTRACK - 1016128

SREASON - 929


Last Updated: 27 May 2016 10:42:29