Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SecurityReporter绕过认证漏洞
Vulnerability Description
SecurityReporter是Sidewinder安全设备的安全事件分析和报表解决方案。 SecurityReporter的file.cgi文件允许用户绕过认证: 8 $name = $field{'name'}; 9 10 #for gif images we dont care about authorization so just serve it without 11 #bothering the reporting engine again. See bug: 3676 for detail
CVSS Information
N/A
Vulnerability Type
N/A