CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42261
https://notcve.org/view.php?id=CVE-2021-42261
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server. Revisor Video Management System (VMS) versiones anteriores a 2.0.0, presenta una vulnerabilidad de salto de directorio. Una explotación con éxito podría permitir a un atacante saltar el sistema de archivos para acceder a archivos o directorios que están fuera del directorio restringido en el servidor remoto. • https://github.com/jet-pentest/CVE-2021-42261 https://revisorlab.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-6785 – Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
https://notcve.org/view.php?id=CVE-2020-6785
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. Cargar una DLL mediante un Elemento de Ruta de Búsqueda no Controlada en Bosch BVMS y BVMS Viewer en las versiones 10.1.0, 10.0.1, 10.0.0 y 9.0.0 y anteriores, permite a un atacante ejecutar código arbitrario en el sistema de una víctima. Esto afecta tanto al instalador como a la aplicación instalada. • https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.6EPSS: 0%CPEs: 19EXPL: 0CVE-2020-6768 – Path Traversal in Bosch Video Management System (BVMS)
https://notcve.org/view.php?id=CVE-2020-6768
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. Una vulnerabilidad de salto de ruta en la implementación NoTouch de Bosch Video Management System (BVMS), permite a un atacante remoto no autenticado leer archivos arbitrarios desde el Servidor Central. • https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2020-6767 – Path Traversal in Bosch Video Management System (BVMS)
https://notcve.org/view.php?id=CVE-2020-6767
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. Una vulnerabilidad de salto de ruta en el FileTransferService de Bosch Video Management System (BVMS), permite a un atacante remoto autenticado leer archivos arbitrarios del Servidor Central. • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-381489-bt_cve-2020-6767_securityadvisory_bvms_pathtraversal.pdf https://psirt.bosch.com/security-advisories/BOSCH-SA-381489-BT.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-8952
https://notcve.org/view.php?id=CVE-2019-8952
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032 ; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032). Una vulnerabilidad de salto de directorio ubicada en el servidor web afecta a varios productos de hardware y software de Bosch. • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0402bt-cve-2019-8952_security_advisory_vrm_path_traversal.pdf https://psirt.bosch.com https://psirt.bosch.com/Advisory/BOSCH-2019-0402.html https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •