Test ID:	1.3.6.1.4.1.25623.1.0.10818
Category:	Web application abuses
Title:	Alchemy Eye HTTP Command Execution
Summary:	Determines if arbitrary commands can be executed by Alchemy Eye
Description:	Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker. (Taken from the security announcement by http://www.rapid7.com.) Solution : Either disable HTTP access in Alchemy Eye, or require authentication for Alchemy Eye. Both of these can be set in the Alchemy Eye preferences. More Information : http://www.securityfocus.com/archive/1/243404
Cross-Ref:	BugTraq ID: 3599 Common Vulnerability Exposure (CVE) ID: CVE-2001-0871 Bugtraq: 20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=100714173510535&w=2 CERT/CC vulnerability note: VU#220715 http://www.kb.cert.org/vuls/id/220715 http://www.securityfocus.com/bid/3599 XForce ISS Database: alchemy-http-dot-commands(7625) http://xforce.iss.net/xforce/xfdb/7625 XForce ISS Database: alchemy-http-dot-variant(7626) http://xforce.iss.net/static/7626.php
Copyright	This script is Copyright (C) 2001 H D Moore & Drew Hintz ( http://guh.nu )

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: