5

CVE-2007-3986

Exploit
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.72% 0.744
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=118522960430476&w=2
Exploit
http://secunia.com/advisories/26167
Vendor Advisory
http://www.oliverkarow.de/research/securityreporter.txt
Exploit
http://www.securecomputing.com/index.cfm?skey=1429
Patch
http://www.securityfocus.com/bid/25027
https://exchange.xforce.ibmcloud.com/vulnerabilities/35591