PY Software Active Webcam 4.3/5.5 - WebServer Multiple Vulnerabilities

Author: Sowhat
type: remote
platform: windows
date_added: 2005-03-10  
date_updated: 2013-05-05  
verified: 1  
codes: CVE-2005-0731;OSVDB-14639  

raw file: 25207.txt  
source: https://www.securityfocus.com/bid/12778/info

Active Webcam webserver is reported prone to multiple vulnerabilities. The following individual issues are reported:

The first issue, a denial of service, is reported to manifest when a request is received for a file that exists on a floppy drive.

A remote attacker may exploit this issue to deny service for legitimate users.

A denial of service is reported to exist when the 'Filelist.html' file is requested.

A remote attacker may exploit this issue to deny service for legitimate users.

An installation path disclosure vulnerability is reported to affect Active Webcam. It is reported that a request for a non-existent file will result in an error message that contains the installation path of the software.

A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.

An information disclosure vulnerability is reported to affect Active Webcam. It is reported that this vulnerability exists because different error messages are returned to a request for a file depending on whether the file exists or not.

A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.

http://www.example.com:8080/Filelist.html
http://www.example.com:8080/A:\a.txt
http://www.example.com:8080/a
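
The two disclosure issues described above can be checked for from the defender's side by auditing a web server's error responses. The following is an added example, not code from the original advisory or from PY Software: it flags response bodies that contain a Windows directory path and reports when responses for existing and non-existing files never share a shape. The response wording, file names and directory in the sample data are constructed assumptions.

```python
import re

# Directory part of a Windows absolute path, e.g. C:\Some Dir\App\
WIN_DIR = re.compile(r"\b[A-Za-z]:\\(?:[^\\/:*?\"<>|\r\n]+\\)+")

def leaked_dirs(body):
    """Distinct Windows directories disclosed in a response body."""
    return sorted({m.group(0) for m in WIN_DIR.finditer(body)})

def fingerprint(status, body, requested):
    """What a client can compare across requests, minus per-request noise."""
    # Mask the leaked directory and the echoed file name so only the
    # message shape remains (assumes the requested name is distinctive).
    masked = WIN_DIR.sub("<DIR>", body).replace(requested, "<REQ>")
    return status, " ".join(masked.split()).lower()

def audit(probes):
    """probes: (requested_name, exists_on_disk, status, body) tuples."""
    findings = [("path-disclosure", name, d)
                for name, _, _, body in probes for d in leaked_dirs(body)]
    by_state = {True: set(), False: set()}
    for name, exists, status, body in probes:
        by_state[exists].add(fingerprint(status, body, name))
    # Oracle: no response shape is shared between the two states, so the
    # reply alone tells a client whether the file is on disk.
    if by_state[True] and by_state[False] and by_state[True].isdisjoint(by_state[False]):
        findings.append(("existence-oracle", None, None))
    return findings

# Constructed responses (not captured from Active Webcam; wording is assumed).
VULNERABLE = [
    ("missing-0001.txt", False, 404,
     "Cannot find C:\\Example Dir\\WebCam\\missing-0001.txt"),
    ("notes.txt", True, 403, "Access to notes.txt is denied"),
]
# The corrected behaviour: one generic message for both cases, no path.
HARDENED = [
    ("missing-0001.txt", False, 404, "Not Found"),
    ("notes.txt", True, 404, "Not Found"),
]

if __name__ == "__main__":
    for label, probes in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, audit(probes))
```
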