PY Software Active Webcam WebServer 'Filelist.html' Denial of Service Vulnerability

Vulnerability ID: 1108516  Vulnerability type: Unknown
Published: 2005-03-10  Updated: 2005-03-10
CVE ID: CVE-2005-0731
CNNVD-ID: CNNVD-200503-089
Platform: Windows  CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/25207
https://www.securityfocus.com/bid/90181
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200503-089
|Vulnerability details
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request for Filelist.html.
|Exploit
source: http://www.securityfocus.com/bid/12778/info

Active Webcam webserver is reported prone to multiple vulnerabilities. The following individual issues are reported:

The first issue, a denial of service, is reported to manifest when a request is received for a file that exists on a floppy drive.

A remote attacker may exploit this issue to deny service for legitimate users.

A denial of service is reported to exist when the 'Filelist.html' file is requested.

A remote attacker may exploit this issue to deny service for legitimate users.

An installation path disclosure vulnerability is reported to affect Active Webcam. It is reported that a request for a non-existent file will result in an error message that contains the installation path of the software.

A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer.

An information disclosure vulnerability is reported to affect Active Webcam. It is reported that this vulnerability exists because different error messages are returned to a request for a file depending on whether the file exists or not.

A remote attacker may exploit this issue to gain information regarding the filesystem on a target computer. 

http://www.example.com:8080/Filelist.html
http://www.example.com:8080/A:a.txt
http://www.example.com:8080/a
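
For defenders, the two denial-of-service request shapes listed above can be flagged in access logs. The following is an added example, not part of the original advisory; it assumes the server sits behind a proxy that writes Common Log Format lines, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Path beginning with a DOS drive letter, e.g. /A:a.txt. The advisory names
# the floppy drive; matching any drive letter is a deliberate generalization.
DRIVE_RE = re.compile(r'^/[A-Za-z]:')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2005:10:00:01 +0000] "GET /Filelist.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [10/Mar/2005:10:00:02 +0000] "GET /%41:a.txt HTTP/1.0" 404 0',
    '198.51.100.7 - - [10/Mar/2005:10:00:03 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '198.51.100.7 - - [10/Mar/2005:10:00:04 +0000] "GET /filelist.HTML?x=1 HTTP/1.1" 200 512',
]

def classify(target):
    """Return the advisory issue a request target matches, or None."""
    # Drop the query string, then undo percent-encoding before matching.
    path = unquote(target.split("?", 1)[0])
    # Case-insensitive compare: assumes Windows file name semantics.
    if path.lower() == "/filelist.html":
        return "filelist-dos"
    if DRIVE_RE.match(path):
        return "drive-letter-request"
    return None

def scan(lines):
    """Return (client_ip, issue, raw_target) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        issue = classify(m.group(1))
        if issue:
            hits.append((line.split()[0], issue, m.group(1)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same `classify` check can back a proxy deny rule for these paths where the server cannot be upgraded.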
|Affected products
PY Software Active WebCam 5.5
|References

Source: XF
Name: active-webcam-filelist-dos(19650)
Link: http://xforce.iss.net/xforce/xfdb/19650
Source: MISC
Link: http://secway.org/advisory/ad20050104.txt
Source: SECUNIA
Name: 14553
Link: http://secunia.com/advisories/14553
Source: FULLDISC
Name: 20050310 Multiple Vulnerabilities of PY Software Active Webcam WebServer
Link: http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0216.html
