CVE-2007-4583

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Path Manipulation
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 29/08/07 - Updated on 29/09/17

Description

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.

Category: Path Manipulation

CWE-22 (Path Traversal)
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Security Notices

US National Vulnerability DatabaseCVE-2007-4583

Exploits

Exploit-DBEDB-4323, EDB-4324
SecurityFocusBID-25465

Relative technologies

VendorProduct
actinetwork_video_recorder

Share this vulnerability with:

Twitter Facebook LinkedIn Mail