Vulnerabilities > CVE-2007-3985 - Directory Traversal Vulnerability And Authentication Bypass vulnerability in Securecomputing Securityreporter 4.6.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | SECURITYREPORTER_463P1.NASL |
| description | The |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25994 |
| published | 2007-09-06 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25994 |
| title | SecurityReporter < 4.6.3p1 Multiple Vulnerabilities |
References
- http://marc.info/?l=bugtraq&m=118522960430476&w=2
- http://osvdb.org/43770
- http://secunia.com/advisories/26167
- http://www.oliverkarow.de/research/securityreporter.txt
- http://www.securecomputing.com/index.cfm?skey=1429
- http://www.securityfocus.com/bid/25027
- http://www.securitytracker.com/id?1018443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35585