CVE-2007-4583

ACTi NVR SP2 2.0 - Path Traversal

Title source: llm

Description

Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4323

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4324

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36304

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4324

[Third Party Advisory] http://secunia.com/advisories/26622

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36303

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4323

[Third Party Advisory, VDB Entry] http://osvdb.org/38387

[Third Party Advisory, VDB Entry] http://osvdb.org/38386

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25465

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2993

Scores

EPSS 0.1314

EPSS Percentile 94.1%

Details

CWE

CWE-22

Status published

Products (1)

acti/network_video_recorder sp2_2.0

Published Aug 29, 2007

Tracked Since Feb 18, 2026