CVE-2007-4583

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.

MILW0RM: http://www.milw0rm.com/exploits/4323
MILW0RM: http://www.milw0rm.com/exploits/4324
BID: http://www.securityfocus.com/bid/25465
VUPEN: http://www.vupen.com/english/advisories/2007/2993
OSVDB: http://osvdb.org/38386
OSVDB: http://osvdb.org/38387
SECUNIA: http://secunia.com/advisories/26622
XF: http://xforce.iss.net/xforce/xfdb/36303
XF: http://xforce.iss.net/xforce/xfdb/36304
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4583

8 years
235 countries
252k users
1568k calculations
Logo www.inv-technology.com
Logo www.i4wifi.cz
Logo blog.camcloud.com
Logo www.a1securitycameras.com
Logo sectech.co.nz
Logo www.eleksys.cz