 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2007-4149 |
| Description: | The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-4149 BugTraq ID: 25153 http://www.securityfocus.com/bid/25153 http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt http://osvdb.org/42462 |