Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
AV:N/AC:L/Au:N/C:N/I:P/A:NActi Network Video Recorder
APPActisp2_2.0
Related vulnerabilities
Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ...
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly r...
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web applica...
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random def...
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigge...