Vulnerabilities > CVE-2005-0480 - Remote vulnerability in TrackerCam

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
trackercam
nessus

Summary

Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file.

Vulnerable Configurations

Part Description Count
Application
Trackercam
1

Nessus

NASL familyCGI abuses
NASL idTRACKERCAM_MULTIPLE_VULNERABILITIES.NASL
descriptionThe remote host is running TrackerCam, a HTTP software that allows a user to publish a webcam feed thru a website. The remote version of this software is affected by multiple vulnerabilities : - Buffer overflows which may allow an attacker to execute arbitrary code on the remote host. - A directory traversal bug that may allow an attacker to read arbitrary files on the remote host with the privileges of the web server daemon. - A cross-site scripting issue that may allow an attacker to use the remote host to perform a cross-site scripting attack.
last seen2020-06-01
modified2020-06-02
plugin id17160
published2005-02-21
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17160
titleTrackerCam Multiple Remote Vulnerabilities