18 matches found
CVE-2007-4150
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to...
Command injection
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a...
CVE-2007-4149
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and...
CVE-2007-4152
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit...
Design/Logic Flaw
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit...
CVE-2007-4151
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a...
CVE-2007-4148
CVE-2007-4148 concerns Visionsoft Audit’s Audit on Demand Service (VSAOD). A heap-based buffer overflow in VSAOD (Visionsoft Audit 12.4.0.0) is triggered by a long filename in a "LOG." command, enabling remote attackers to cause persistent daemon crashes and, per NVD, potentially execute arbitrar...
CVE-2007-4151
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a...
CVE-2007-4151
The CVE-2007-4151 issue affects Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0. It enables remote information disclosure via (1) LOG.ON (reveals the logging pathname), (2) VER (reveals the server version in responses), and (3) the banner in an initial connection. CVSSv2 b...
CVE-2007-4149
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and...
CVE-2007-4149
CVE-2007-4149 affects Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0. The issue occurs because unauthenticated remote commands (LOG., SETTINGSFILE, UNINSTALL) allow arbitrary file creation/overwrite, reconfiguration of VSAOD, or denial of service (daemon shutdown). The fi...
CVE-2007-4150
The CVE-2007-4150 issue affects Visionsoft Audit 12.4.0.0 (Visionsoft Audit) where weak cryptography (XOR) is used for passwords: during transmission over the network (passwords can be sniffed) and in the configuration file (local read access can reveal passwords). No further exploit details are ...
CVE-2007-4150
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to...
CVE-2007-4152
The CVE-2007-4152 issue affects Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0. The vulnerability allows remote replay of data from the DETAILS and PROCESS sections of a session that schedules an audit. This is the stated impact in the provided documents; no exploitation ...
CVE-2007-4152
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit...
vainifileoverwrite-06_041.txt
Portcullis Security Advisory 06-041 Vulnerable System: Visionsoft Audit Vulnerability Title: The VSAOD server allows unauthenticated ini file overwrites. Vulnerability discovery and development: Portcullis Security Testing Services discovered this vulnerability during an application assessment...
vafileoverwrite-06-039.txt
Portcullis Security Advisory 06-039 Vulnerable System: Visionsoft Audit Vulnerability Title: The VSAOD server allows unauthenticated arbitrary file overwrites. Vulnerability Discovery and Development: Portcullis Security Testing Services during an application assessment. Further research was...
Portcullis Security Advisory 06-039
Portcullis Security Advisory 06-039 Vulnerable System: Visionsoft Audit Vulnerability Title: The VSAOD server allows unauthenticated arbitrary file overwrites. Vulnerability Discovery and Development: Portcullis Security Testing Services during an application assessment. Further research was...