18 matches found
EUVD-2007-3969
Malware in sbrugna...
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
The 'file.cgi' script included with the version of SecurityReporter installed on the remote host fails to sanitize input to the 'name' parameter before returning the contents of the specified file and supports bypassing authentication using specially crafted arguments. An unauthenticated, remote...
CVE-2007-4043
CVE-2007-4043 affects Secure Computing SecurityReporter (aka Network Security Analyzer) prior to 4.6.3. A vulnerability allows remote attackers to bypass authentication via a name parameter ending with a “%00.gif” sequence, and a separate traversal vulnerability could be leveraged to download arb...
CVE-2007-3985
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter...
CVE-2007-3986
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal...
Directory traversal
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter...
[Full-disclosure] Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability
SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...
CVE-2007-0228
The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER&, (2) &ADDENTRY&, (3) &FIN&, (4) &START&, (5) &LOGPATH&, (6) &FWADELTA&, (7) &FWALOG&, (8) &SETSYNCHRONOUS&, (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP...
Null pointer dereference
The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER&, (2) &ADDENTRY&, (3) &FIN&, (4) &START&, (5) &LOGPATH&, (6) &FWADELTA&, (7) &FWALOG&, (8) &SETSYNCHRONOUS&, (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP...
CVE-2007-0228
The CVE-2007-0228 entry affects the DataCollector service of EIQ Networks Network Security Analyzer. A malformed string sent over TCP port 10618 (including sequences like &CONNECTSERVER&, &ADDENTRY&, &FIN&, &START&, &LOGPATH&, &FWADELTA&, &FWALOG&, &SETSYNCHRONOUS&, &SETPRGFILE&, or &SETREPLYPORT...
eiq-dos.txt
Title: ------------------- EIQ Networks Network Security Analyzer DoS Vulnerability Vendor Notified: ------------------- Now? Background Info: ------------------- EIQ Networks Product Site: http://www.eiqnetworks.com/products/NetworkSecurityAnalyzer.shtml Description: ------------------- Remote...
[Full-disclosure] EIQ Networks Network Security Analyzer DoS Vulnerability
Title: ------------------- EIQ Networks Network Security Analyzer DoS Vulnerability Vendor Notified: ------------------- Now? Background Info: ------------------- EIQ Networks Product Site: http://www.eiqnetworks.com/products/NetworkSecurityAnalyzer.shtml Description: ------------------- Remote...
EIQ Networks Network Security Analyzer DoS
Crash on malformed command to TCP/10618 port...
eIQnetworks Network Security Analyzer Null Pointer Dereference Exploit
Exploit for unknown platform in category dos / poc ====================================================================== eIQnetworks Network Security Analyzer Null Pointer Dereference Exploit ====================================================================== !c:\python\python.exe uncomment...
eIQnetworks Enterprise Security Analyzer Monitoring.exe Multiple Command Overflow
The version of eIQnetworks Enterprise Security Analyzer, Network Security Analyzer, or one of its OEM versions installed on the remote host contains a buffer overflow in its Monitoring Agent service. Using a long argument to a command, an unauthenticated, remote attacker may be able to leverage...
eIQnetworks Enterprise Security Analyzer EnterpriseSecurityAnalyzer.exe LICMGR_ADDLICENSE Command Remote Overflow
The version of eIQnetworks Enterprise Security Analyzer, Network Security Analyzer, or one of its OEM versions installed on the remote host contains a buffer overflow in its License Manager service. Using a long argument to the 'LICMGR_ADDLICENSE' command, an unauthenticated remote attacker may be...