Vulnerabilities > CVE-2001-0871 - Remote Command Execution vulnerability in Alchemy Eye
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | ALCHEMY_EYE_HTTP.NASL |
description | Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10818 |
published | 2001-12-03 |
reporter | This script is Copyright (C) 2001-2018 H D Moore & Drew Hintz ( http://guh.nu ) |
source | https://www.tenable.com/plugins/nessus/10818 |
title | Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution |