Published: 29/08/2007 Updated: 29/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote malicious users to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.

Vulnerable Product	Search on Vulmon	Subscribe to Product
acti network video recorder sp2_2.0

-------------------------------------------------------------------------------------------- NVR SP2 20 nvUtilityUtility1 (nvUtilitydll v 10140) "SaveXMLFile()" Inscure Method url: wwwacticom/indexasp author: shinnai mail: shinnai[at]autistici[dot]org site: shinnaialtervistaorg This was written for educational pu ...

---------------------------------------------------------------------------------------------- NVR SP2 20 nvUtilityUtility1 (nvUtilitydll v 10140) "DeleteXMLFile()" Inscure Method url: wwwacticom/indexasp author: shinnai mail: shinnai[at]autistici[dot]org site: shinnaialtervistaorg This was written for educationa ...

CWE-22 http://www.securityfocus.com/bid/25465 http://secunia.com/advisories/26622 http://osvdb.org/38386 http://osvdb.org/38387 http://www.vupen.com/english/advisories/2007/2993 https://exchange.xforce.ibmcloud.com/vulnerabilities/36304 https://exchange.xforce.ibmcloud.com/vulnerabilities/36303 https://www.exploit-db.com/exploits/4324 https://www.exploit-db.com/exploits/4323 https://nvd.nist.gov https://www.exploit-db.com/exploits/4323/

CVE-2007-4583

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect