Product:

2400_video_server

(Axis)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 7
Date Id Summary Products Score Patch Annotated
2007-05-07 CVE-2007-2239 Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument. 2100_network_camera, 2110_network_camera, 2120_network_camera, 2130_ptz_network_camera, 2400_video_server, 2401_video_server, 2411_video_server, 2420\-Ir_network_camera, 2420_network_camera, Panorama_ptz_camera N/A
2004-12-31 CVE-2004-2427 Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi. 2100_network_camera, 2110_network_camera, 2120_network_camera, 2130_ptz_network_camera, 230_mpeg2_video_server, 2400_video_server, 2401_video_server, 2411_video_server, 2420_network_camera, 2420_video_server, 2460_network_dvr, 2490_serial_server, 250s_video_server, Storpoint_cd N/A
2004-12-31 CVE-2004-2426 Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi. 2100_network_camera, 2110_network_camera, 2120_network_camera, 2130_ptz_network_camera, 230_mpeg2_video_server, 2400_video_server, 2401_video_server, 2411_video_server, 2420_network_camera, 2420_video_server, 2460_network_dvr, 2490_serial_server, 250s_video_server, Storpoint_cd N/A
2004-12-31 CVE-2004-2425 Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi. 2100_network_camera, 2110_network_camera, 2120_network_camera, 2130_ptz_network_camera, 230_mpeg2_video_server, 2400_video_server, 2401_video_server, 2411_video_server, 2420_network_camera, 2420_video_server, 2460_network_dvr, 2490_serial_server, 250s_video_server, Storpoint_cd N/A
2004-12-31 CVE-2004-0789 Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. 2100_network_camera, 2110_network_camera, 2120_network_camera, 2400_video_server, 2401_video_server, 2420_network_camera, 2460_network_dvr, Delegate, Dnrd, Mydns, Maradns, Pliant_dns_server, Posadis, Wingate, Raidendnsd N/A
2003-12-31 CVE-2003-1386 AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. 2400_video_server, 2401_video_server N/A
2003-06-09 CVE-2003-0240 The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). 2100_network_camera, 2110_network_camera, 2120_network_camera, 2130_ptz_network_camera, 2400_video_server, 2401_video_server, 2420_network_camera, 2460_network_dvr, 250s_video_server N/A