Headline

CVE-2023-21415

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

1 year ago

CVE

Open in Source

#js #pdf #auth

%PDF-1.7 %�� 1 0 obj <> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/Font<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 49 0 R 53 0 R 54 0 R 57 0 R 72 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R] /MediaBox[ 0 0 595.32 841.92] /Contents 6 0 R/Group<>/Tabs/S>> endobj 4 0 obj <> stream ��JFIF��C $.’ ",#(7),01444’9=82<.342��C 2!!22222222222222222222222222222222222222222222222222��"�� }!1AQa"q2��#B��R��$3br� %&’()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz�� w!1AQaq"2�B�� #3R�br� $4�%�&’()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz��?��(�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� )��Ā��S�&��QE0 (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (�� (��݋Kb��xQ�VY�)bpɮ[P�7w%��^W��c~�GO��ta��I�&�|��D�Ĥ��ϯ�t��G��b��W��7��PӞ&�Q_Ny�EPEPEPEPEPEPEP\��:�4�nn�k�� 0V`>�g��WO}{o��O{w*�o$�� |e��x��W��~��#�,��<��h��ᥬ��[��5�?L_�^\�n$7��s�{��5��9�aKo�� x��t-b�K��\��cu7#��z��5�� (�[a��(��_��}��ᥬ��[��֟��h-+Y׬��&[�\G��2�=21�8�|�J "�>��ߎ?�.��T��|��q��MF��o��mk��s��|��&�>>��GS_ �K�[6�x�xy{/��j�*�#�Z�� Mz’��I��>�P]"[X�� |q�q��ɞ��犼Eg�د�n��5�&>�f��k?h��M�{-��’ܞh�|U��’��_C�v��!�g �zc�� -e�B��+��%S��?��.�>��s�"�Q�-�%�،`�>�۽�5�W��O��Z�Kq<�8bB�;tU$�Y��y(�nwv�Q�My��4� ��q��f�b�3^#�3�u��9-�� ’��h�9�ih�~��NW?�v�Z��]��X��W��@�� .��,��+�<9��o�oN��’��7��v܌�=��Z�_��o�ׄ_� I�x�=*I#�#o%�’�ge�6o��*�3�A�$dR�)�S�8dH��XC4��~�r��i9��K%��:��Rk^�2��