Vulnerabilities > CVE-2007-3985 - Directory Traversal Vulnerability And Authentication Bypass vulnerability in Securecomputing Securityreporter 4.6.3

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
securecomputing
nessus

Summary

Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter.

Vulnerable Configurations

Part Description Count
Application
Securecomputing
1

Nessus

NASL familyCGI abuses
NASL idSECURITYREPORTER_463P1.NASL
descriptionThe
last seen2020-06-01
modified2020-06-02
plugin id25994
published2007-09-06
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25994
titleSecurityReporter < 4.6.3p1 Multiple Vulnerabilities