Search criteria
2 vulnerabilities found for Digital Video Protection DVP by VideoFlow Ltd.
CVE-2019-25256 (GCVE-0-2019-25256)
Vulnerability from nvd – Published: 2025-12-24 19:28 – Updated: 2025-12-24 20:21
VLAI?
Title
VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
Summary
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VideoFlow Ltd. | Digital Video Protection DVP |
Affected:
2.10
Affected: 1.40.0.15 Affected: 2.10.0.5 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25256",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:00:55.381089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:21:37.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "http://www.video-flow.com"
},
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Digital Video Protection DVP",
"vendor": "VideoFlow Ltd.",
"versions": [
{
"status": "affected",
"version": "2.10"
},
{
"status": "affected",
"version": "1.40.0.15"
},
{
"status": "affected",
"version": "2.10.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated \u0027ID\u0027 parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:28:05.689Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44386",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44386"
},
{
"name": "VideoFlow Product Web Page",
"tags": [
"product"
],
"url": "http://www.video-flow.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2018-5454)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php"
}
],
"title": "VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25256",
"datePublished": "2025-12-24T19:28:05.689Z",
"dateReserved": "2025-12-24T14:27:12.478Z",
"dateUpdated": "2025-12-24T20:21:37.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25256 (GCVE-0-2019-25256)
Vulnerability from cvelistv5 – Published: 2025-12-24 19:28 – Updated: 2025-12-24 20:21
VLAI?
Title
VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
Summary
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VideoFlow Ltd. | Digital Video Protection DVP |
Affected:
2.10
Affected: 1.40.0.15 Affected: 2.10.0.5 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25256",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T20:00:55.381089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T20:21:37.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "http://www.video-flow.com"
},
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Digital Video Protection DVP",
"vendor": "VideoFlow Ltd.",
"versions": [
{
"status": "affected",
"version": "2.10"
},
{
"status": "affected",
"version": "1.40.0.15"
},
{
"status": "affected",
"version": "2.10.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2018-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated \u0027ID\u0027 parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T19:28:05.689Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44386",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44386"
},
{
"name": "VideoFlow Product Web Page",
"tags": [
"product"
],
"url": "http://www.video-flow.com"
},
{
"name": "Zero Science Lab Disclosure (ZSL-2018-5454)",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php"
}
],
"title": "VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25256",
"datePublished": "2025-12-24T19:28:05.689Z",
"dateReserved": "2025-12-24T14:27:12.478Z",
"dateUpdated": "2025-12-24T20:21:37.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}