Hi. There is a Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)version 8.2. POC: http://remotehost/../../../../../../windows/system32/whatever.something PATCH: Vendor has published the new version (8.3) Regards, Dejan Levaja NSS d.o.o. dejan[dot]levaja[at]netsec[dot]rs