CVE-2007-3986 - Directory Traversal Vulnerability And Authentication Bypass vulnerability in Securecomputing Securityreporter 4.6.3
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | CGI abuses |
NASL id | SECURITYREPORTER_463P1.NASL |
description | The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25994 |
published | 2007-09-06 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25994 |
title | SecurityReporter < 4.6.3p1 Multiple Vulnerabilities |