Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3604

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3604
Last Modified 05 Sep 2008 05:07:35
Published 18 Jul 2006 11:37:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3604

Summary

Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL.

Vulnerable Systems

Application

  • Seyeon Flexwatch Network Camera 3.0


References

XF - flexwatch-admin-auth-bypass(27656)

BID - 18948

BUGTRAQ - 20060710 Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability

MISC - http://www.digitalarmaments.com/2006300687985463.html

SECUNIA - 20994

BUGTRAQ - 20061103 Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability

BUGTRAQ - 20060721 Re: Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability


Last Updated: 27 May 2016 10:43:04