Jaime Blasco

6 exploits Active since May 2006
CVE-2006-3603 EXPLOITDB text WRITEUP
FlexWATCH Network Camera <= 3.0 - Cross-Site Scripting via index.php URL Parameter
Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2006-2653 EXPLOITDB text WORKING POC
D-Link DSA-3100 AirSpot Gateway - Cross-Site Scripting via login_error.shtml uname Parameter
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
CVE-2006-2490 EXPLOITDB text WORKING POC
Mobotix IP Network Camera <2.2.3.18 (M10/D10) & <3.0.3.31 (M22) XSS via URL-Encoded Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
CVE-2006-2490 EXPLOITDB text WORKING POC
Mobotix IP Network Camera <2.2.3.18 (M10/D10) & <3.0.3.31 (M22) XSS via URL-Encoded Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
CVE-2006-2490 EXPLOITDB text WRITEUP
Mobotix IP Network Camera <2.2.3.18 (M10/D10) & <3.0.3.31 (M22) XSS via URL-Encoded Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
CVE-2006-3604 EXPLOITDB text WRITEUP
FlexWATCH Network Camera <= 3.0 - Directory Traversal via Dot-Dot-Encoded Slash Sequence
Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL.