16 matches found
EUVD-2007-3970
Malware in sbrugna...
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
The 'file.cgi' script included with the version of SecurityReporter installed on the remote host fails to sanitize input to the 'name' parameter before returning the contents of the specified file and supports bypassing authentication using specially crafted arguments. An unauthenticated, remote...
CVE-2007-4043
file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files...
CVE-2007-4043
file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files...
CVE-2007-4043
file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files...
CVE-2007-4043
CVE-2007-4043 affects Secure Computing SecurityReporter (aka Network Security Analyzer) prior to 4.6.3. A vulnerability allows remote attackers to bypass authentication via a name parameter ending with a “%00.gif” sequence, and a separate traversal vulnerability could be leveraged to download arb...
Authentication flaw
file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal...
CVE-2007-3985
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to download arbitrary files via a .. dot dot in the name parameter...
CVE-2007-3986
file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal...
CVE-2007-3985
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to download arbitrary files via a .. dot dot in the name parameter...
CVE-2007-3985
The CVE-2007-3985 issue affects Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3, where the file.cgi script fails to sanitize the name parameter. This enables a directory traversal attack (".." in the name) allowing remote attackers to download arbitrary files from ...
CVE-2007-3986
file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal...
CVE-2007-3986
CVE-2007-3986 affects Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3. The issue is in the file.cgi component where the name parameter can specify an eventcache directory and a non-GIF file, bypassing authentication by setting the $dontvalidate variable. A separate travers...
SecurityReporter目录遍历及绕过认证漏洞
BUGTRAQ ID: 25027 SecurityReporter是Sidewinder安全设备的安全事件分析和报表解决方案。 SecurityReporter的file.cgi文件允许用户绕过认证: 8 $name = $field'name'; 9 10 for gif images we dont care about authorization so just serve it without 11 bothering the reporting engine again. See bug: 3676 for details. 12 $dontvalidate = "false...
securityreporter-traverse.txt
SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...
[Full-disclosure] Secure Computing - Security Reporter Auth Bypass and Directory Traversal Vulnerability
SECURITYREPORTER - AUTHENTICATION BYPASS AND DIRECTORY TRAVERSAL VULNERABILITY Product: SecurityReporter Version: 4.6.3 Build Date: 04/20/2007 Platform: Win32 Vendor: Secure Computing www.securecomputing.com Product Description ------------------- "SecurityReporter is a security event analysis an...