Active Webcam webserver is reported prone to multiple vulnerabilities. The following individual issues are reported: The first issue, a denial of service is reported to manifest when a request is received for a file that exists on a floppy drive. A remote attacker may exploit this issue to deny service for legitimate users. A denial of service is reported to exist when the 'Filelist.html' file is requested. A remote attacker may exploit this issue to deny service for legitimate users. An installation path disclosure vulnerability is reported to affect Active Webcam. It is reported that a request for a non-existent file will result in an error message that contains the installation path of the software. A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer. An information disclosure vulnerability is reported to affect Active Webcam. It is reported that this vulnerability exists because different error messages are returned to a...
Active Webcam webserver is reported prone to multiple vulnerabilities. The following individual issues are reported: The first issue, a denial of service is reported to manifest when a request is received for a file that exists on a floppy drive. A remote attacker may exploit this issue to deny service for legitimate users. A denial of service is reported to exist when the 'Filelist.html' file is requested. A remote attacker may exploit this issue to deny service for legitimate users. An installation path disclosure vulnerability is reported to affect Active Webcam. It is reported that a request for a non-existent file will result in an error message that contains the installation path of the software. A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer. An information disclosure vulnerability is reported to affect Active Webcam. It is reported that this vulnerability exists because different error messages are returned to a request for a file depending on whether the file exists or not. A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.
