| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Apr 2012 17:44:52 GMT From: ddivulnalert@...frontline.com To: bugtraq@...urityfocus.com Subject: DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal Title ----- DDIVRT-2012-41 ACTi Web Configurator cgi-bin Directory Traversal Severity -------- High Date Discovered --------------- March 8, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: shmoov and r@...$ Vulnerability Description ------------------------- The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server. Solution Description -------------------- The production of the cameras employing this version of the ACTi Web Configurator have been discontinued. However, a firmware upgrade which addresses the issue is available for download from the ACTi support team. Please contact the ACTi support team to retrieve the firmware upgrade and instructions on how to apply the changes. Tested Systems / Software ------------------------- ACTi Web Configurator 3.0 - camera version unknown Vendor Contact -------------- Vendor Name: ACTi Corporation | http://www.acti.com/corporate/Brief.asp Vendor Website: http://www.acti.com/home/index.asp
Powered by blists - more mailing lists