VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 26, 2001· Updated Apr 16, 2026

CVE-2001-1108

CVE-2001-1108

Description

SnapStream PVS 1.2a's web interface allows remote attackers to read arbitrary files via directory traversal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SnapStream PVS 1.2a's web interface allows remote attackers to read arbitrary files via directory traversal.

Vulnerability

SnapStream Personal Video Station (PVS) version 1.2a for Microsoft Windows contains a directory traversal vulnerability in its HTTP interface, which runs on port 8129. Attackers can exploit this by crafting a web request using ../ sequences to navigate outside the web root directory [1].

Exploitation

An attacker needs network access to the SnapStream PVS web interface. They can exploit this vulnerability by sending a crafted URL containing ../ sequences to traverse directories and access arbitrary files on the server's filesystem [1]. An example URL provided is http://home.victim.com:8080/../../../../autoexec.bat [1].

Impact

Successful exploitation allows a remote attacker to read arbitrary files from the server, potentially disclosing confidential information. If exploited in conjunction with Bugtraq ID 3101, an attacker can also obtain the administrative password for Snapstream [1].

Mitigation

No specific patched version or release date is disclosed in the available references. Users are advised to consult SnapStream for further information regarding this vulnerability [1].

References
  1. SnapStream Personal Video Station 1.2 a - PVS Directory Traversal

AI Insight generated on Jun 7, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Snapstream/Pvs2 versions
    cpe:2.3:a:snapstream:pvs:1.2a:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:snapstream:pvs:1.2a:*:*:*:*:*:*:*
    • (no CPE)range: 1.2a

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

5

News mentions

0

No linked articles in our index yet.