Vulnerabilities > CVE-2001-0871

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
alchemy-lab
dek-software
nessus
NVD
Published: 2001-12-21
Updated: 2024-11-20

Summary

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.

Vulnerable Configurations

Part Description Count
Application
Alchemy_Lab
11
Application
Dek_Software
1

Nessus

NASL familyCGI abuses
NASL idALCHEMY_EYE_HTTP.NASL
descriptionAlchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker.
last seen2020-06-01
modified2020-06-02
plugin id10818
published2001-12-03
reporterThis script is Copyright (C) 2001-2018 H D Moore & Drew Hintz ( http://guh.nu )
sourcehttps://www.tenable.com/plugins/nessus/10818
titleAlchemy Eye/Network Monitor Traversal Arbitrary Command Execution

References