Vulnerabilities > CVE-2007-3986 - Unspecified vulnerability in Securecomputing Securityreporter 4.6.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN securecomputing
nessus
Summary
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | SECURITYREPORTER_463P1.NASL |
| description | The |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25994 |
| published | 2007-09-06 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25994 |
| title | SecurityReporter < 4.6.3p1 Multiple Vulnerabilities |
References
- http://marc.info/?l=bugtraq&m=118522960430476&w=2
- http://marc.info/?l=bugtraq&m=118522960430476&w=2
- http://secunia.com/advisories/26167
- http://secunia.com/advisories/26167
- http://www.oliverkarow.de/research/securityreporter.txt
- http://www.oliverkarow.de/research/securityreporter.txt
- http://www.securecomputing.com/index.cfm?skey=1429
- http://www.securecomputing.com/index.cfm?skey=1429
- http://www.securityfocus.com/bid/25027
- http://www.securityfocus.com/bid/25027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35591
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35591