Geovision: Security Vulnerabilities
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
CVSS Score
9.3
EPSS Score
0.061
Published
2009-03-25
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
CVSS Score
8.8
EPSS Score
0.01
Published
2009-03-10
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
CVSS Score
5.0
EPSS Score
0.05
Published
2005-05-14
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
CVSS Score
7.5
EPSS Score
0.005
Published
2005-05-14
GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).
CVSS Score
5.0
EPSS Score
0.004
Published
2004-12-31
The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.
CVSS Score
5.0
EPSS Score
0.01
Published
2004-12-31
Page 2