{"vulnerability": "cve-2021-27197", "sightings": [{"uuid": "ebb1812e-f848-4ea1-ae31-225a1533aab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27197", "type": "seen", "source": "https://t.me/cibsecurity/23541", "content": "\u203c CVE-2021-27197 \u203c\n\nDSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with \"OBJECT classid=\" and \"\") to overwrite arbitrary files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-12T18:43:36.000000Z"}]}