Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by visionsoft

    CVE-2007-4151 (GCVE-0-2007-4151)

    Vulnerability from nvd – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.portcullis.co.uk/uplds/advisories/vave… x_refsource_MISC
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://osvdb.org/46982 vdb-entryx_refsource_OSVDB
    http://www.portcullis.co.uk/uplds/advisories/vapa… x_refsource_MISC
    http://osvdb.org/46981 vdb-entryx_refsource_OSVDB
    http://osvdb.org/46983 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt"
              },
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "name": "46982",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46982"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt"
              },
              {
                "name": "46981",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46981"
              },
              {
                "name": "46983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46983"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt"
            },
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "name": "46982",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46982"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt"
            },
            {
              "name": "46981",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46981"
            },
            {
              "name": "46983",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46983"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt"
                },
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "46982",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46982"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt"
                },
                {
                  "name": "46981",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46981"
                },
                {
                  "name": "46983",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46983"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4151",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4152 (GCVE-0-2007-4152)

    Vulnerability from nvd – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://www.portcullis.co.uk/uplds/advisories/vare… x_refsource_MISC
    http://osvdb.org/46980 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt"
              },
              {
                "name": "46980",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46980"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt"
            },
            {
              "name": "46980",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46980"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt"
                },
                {
                  "name": "46980",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46980"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4152",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4150 (GCVE-0-2007-4150)

    Vulnerability from nvd – Published: 2007-08-03 20:00 – Updated: 2024-12-04 15:31
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://www.portcullis.co.uk/uplds/advisories/vapa… x_refsource_MISC
    http://osvdb.org/46979 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt"
              },
              {
                "name": "46979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46979"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2007-4150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:45:20.981635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T15:31:04.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt"
            },
            {
              "name": "46979",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46979"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt"
                },
                {
                  "name": "46979",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46979"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4150",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-12-04T15:31:04.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4148 (GCVE-0-2007-4148)

    Vulnerability from nvd – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a "LOG." command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://www.portcullis.co.uk/uplds/advisories/vahe… x_refsource_MISC
    http://osvdb.org/46977 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
              },
              {
                "name": "46977",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a \"LOG.\" command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
            },
            {
              "name": "46977",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4148",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a \"LOG.\" command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
                },
                {
                  "name": "46977",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4148",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4149 (GCVE-0-2007-4149)

    Vulnerability from nvd – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt"
              },
              {
                "name": "42462",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42462"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the \"LOG.\" command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown).  NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-11-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt"
            },
            {
              "name": "42462",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42462"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4149",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the \"LOG.\" command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown).  NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt"
                },
                {
                  "name": "42462",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42462"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4149",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4151 (GCVE-0-2007-4151)

    Vulnerability from cvelistv5 – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.portcullis.co.uk/uplds/advisories/vave… x_refsource_MISC
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://osvdb.org/46982 vdb-entryx_refsource_OSVDB
    http://www.portcullis.co.uk/uplds/advisories/vapa… x_refsource_MISC
    http://osvdb.org/46981 vdb-entryx_refsource_OSVDB
    http://osvdb.org/46983 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt"
              },
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "name": "46982",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46982"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt"
              },
              {
                "name": "46981",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46981"
              },
              {
                "name": "46983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46983"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt"
            },
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "name": "46982",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46982"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt"
            },
            {
              "name": "46981",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46981"
            },
            {
              "name": "46983",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46983"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4151",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command, which reveals the logging pathname in the server response; (2) a VER command, which reveals the version number in the server response; and (3) a connection, which reveals the version number in the banner."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure%2006_046.txt"
                },
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "46982",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46982"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure%2006-043.txt"
                },
                {
                  "name": "46981",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46981"
                },
                {
                  "name": "46983",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46983"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4151",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4152 (GCVE-0-2007-4152)

    Vulnerability from cvelistv5 – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://www.portcullis.co.uk/uplds/advisories/vare… x_refsource_MISC
    http://osvdb.org/46980 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.361Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt"
              },
              {
                "name": "46980",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46980"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt"
            },
            {
              "name": "46980",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46980"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vareplay%2006_044.txt"
                },
                {
                  "name": "46980",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46980"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4152",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.361Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4150 (GCVE-0-2007-4150)

    Vulnerability from cvelistv5 – Published: 2007-08-03 20:00 – Updated: 2024-12-04 15:31
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://www.portcullis.co.uk/uplds/advisories/vapa… x_refsource_MISC
    http://osvdb.org/46979 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt"
              },
              {
                "name": "46979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46979"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2007-4150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-09T19:45:20.981635Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T15:31:04.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt"
            },
            {
              "name": "46979",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46979"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4150",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt"
                },
                {
                  "name": "46979",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46979"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4150",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-12-04T15:31:04.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4148 (GCVE-0-2007-4148)

    Vulnerability from cvelistv5 – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a "LOG." command.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/25153 vdb-entryx_refsource_BID
    http://www.portcullis.co.uk/uplds/advisories/vahe… x_refsource_MISC
    http://osvdb.org/46977 vdb-entryx_refsource_OSVDB
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
              },
              {
                "name": "46977",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a \"LOG.\" command."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
            },
            {
              "name": "46977",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4148",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to cause a denial of service (persistent daemon crashes) or execute arbitrary code via a long filename in a \"LOG.\" command."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vaheapoverflow%20-%2006_040.txt"
                },
                {
                  "name": "46977",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4148",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4149 (GCVE-0-2007-4149)

    Vulnerability from cvelistv5 – Published: 2007-08-03 20:00 – Updated: 2024-08-07 14:46
    VLAI
    Summary
    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown). NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:46:39.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25153",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25153"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt"
              },
              {
                "name": "42462",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42462"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the \"LOG.\" command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown).  NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-11-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25153",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25153"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt"
            },
            {
              "name": "42462",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42462"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4149",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the \"LOG.\" command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote attackers to overwrite the ini file, and reconfigure VSAOD or cause a denial of service; or (3) the UNINSTALL command, which allows remote attackers to cause a denial of service (daemon shutdown).  NOTE: vector 1 can be leveraged for code execution by writing to a Startup folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25153",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25153"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vauninstall%2006_045.txt"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vainifileoverwrite%20-%2006_041.txt"
                },
                {
                  "name": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt",
                  "refsource": "MISC",
                  "url": "http://www.portcullis.co.uk/uplds/advisories/vafileover-06-039.txt"
                },
                {
                  "name": "42462",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42462"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4149",
        "datePublished": "2007-08-03T20:00:00.000Z",
        "dateReserved": "2007-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:46:39.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }