Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.100951 |
Kategorie: | General |
Titel: | Visionsoft Audit Multiple Vulnerabilities |
Zusammenfassung: | Visionsoft Audit is prone to multiple vulnerabilities. |
Beschreibung: | Summary: Visionsoft Audit is prone to multiple vulnerabilities. Vulnerability Insight: The Visionsoft Audit on Demand service may be vulnerable to multiple issues which can be exploited remotely without authentication: - Heap overflow via LOG command (CVE-2007-4148) - Multiple arbitrary file overwrites via LOG and SETTINGSFILE command (CVE-2007-4149) - Denial of service via UNINSTALL command (CVE-2007-4149) Additionally, the underlying protocol for authentication has been reported as being vulnerable to replay attacks (CVE-2007-4152) and the settings file is typically installed with inappropriate permissions (CVE-2007-4150). Solution: We recommend that Visionsoft are contacted for a patch. To mitigate this flaw filter inbound traffic to 5957/tcp to only known management hosts. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-4148 BugTraq ID: 25153 http://www.securityfocus.com/bid/25153 http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt http://osvdb.org/46977 Common Vulnerability Exposure (CVE) ID: CVE-2007-4149 http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt http://osvdb.org/42462 Common Vulnerability Exposure (CVE) ID: CVE-2007-4150 http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt http://osvdb.org/46979 Common Vulnerability Exposure (CVE) ID: CVE-2007-4151 http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt http://osvdb.org/46981 http://osvdb.org/46982 http://osvdb.org/46983 Common Vulnerability Exposure (CVE) ID: CVE-2007-4152 http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt http://osvdb.org/46980 |
Copyright | Copyright (C) 2009 Tim Brown |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |