CVE-2009-5087 – GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2009-5087
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
• https://www.exploit-db.com/exploits/8041
• http://osvdb.org/51886
• http://secunia.com/advisories/33924
• http://securityreason.com/securityalert/8372
• http://www.exploit-db.com/exploits/8041
• http://www.securityfocus.com/archive/1/500858/100/0/threaded
• http://www.securityfocus.com/bid/33735
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48674
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-1092 – GeoVision LiveAudio - ActiveX Remote Freed-Memory Access
https://notcve.org/view.php?id=CVE-2009-1092
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
• https://www.exploit-db.com/exploits/8206
• http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html
• http://www.securityfocus.com/archive/1/501773/100/0/threaded
• http://www.securityfocus.com/bid/34115
• https://exchange.xforce.ibmcloud.com/vulnerabilities/49238
• CWE-399: Resource Management Errors
CVE-2009-0865 – GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption
https://notcve.org/view.php?id=CVE-2009-0865
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
• https://www.exploit-db.com/exploits/8059
• http://secunia.com/advisories/33969
• http://www.securityfocus.com/bid/33782
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48773
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2005-1552 – GeoVision Digital Surveillance System 6.0 4/6.1 - Unauthorized '.JPEG' Image Access
https://notcve.org/view.php?id=CVE-2005-1552
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
• https://www.exploit-db.com/exploits/25643
• http://marc.info/?l=bugtraq&m=111574131105737&w=2
• http://secunia.com/advisories/15330
• http://www.esqo.com/research/advisories/2005/100505-1.txt
• http://www.osvdb.org/16340
• http://www.securityfocus.com/bid/13571
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20537
CVE-2005-1553
https://notcve.org/view.php?id=CVE-2005-1553
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
• http://marc.info/?l=bugtraq&m=111574131105737&w=2
• http://www.esqo.com/research/advisories/2005/100505-1.txt
• http://www.osvdb.org/16341
• https://exchange.xforce.ibmcloud.com/vulnerabilities/20538