Vulnerabilities > CVE-2005-0480 - Remote vulnerability in TrackerCam
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | TRACKERCAM_MULTIPLE_VULNERABILITIES.NASL |
description | The remote host is running TrackerCam, a HTTP software that allows a user to publish a webcam feed thru a website. The remote version of this software is affected by multiple vulnerabilities : - Buffer overflows which may allow an attacker to execute arbitrary code on the remote host. - A directory traversal bug that may allow an attacker to read arbitrary files on the remote host with the privileges of the web server daemon. - A cross-site scripting issue that may allow an attacker to use the remote host to perform a cross-site scripting attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17160 |
published | 2005-02-21 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17160 |
title | TrackerCam Multiple Remote Vulnerabilities |