Vulnerability in Securecomputing Securityreporter
CVE-2007-3985
Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter.
EPSS: 0.019 (77.2th percentile) — read the EPSS interpretation.
Affected products
- Securecomputing Securityreporter — versions 4.6.3
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (mailing-list, Exploit, x_refsource_BUGTRAQ)