Unrated severityNVD Advisory· Published Jul 25, 2007· Updated Jun 16, 2026
CVE-2007-3986
CVE-2007-3986
Description
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:securecomputing:securityreporter:4.6.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:securecomputing:securityreporter:4.6.3:*:*:*:*:*:*:*
- (no CPE)range: =4.6.3
Patches
Vulnerability mechanics
References
6- www.securecomputing.com/index.cfmnvdPatch
- marc.infonvdExploit
- www.oliverkarow.de/research/securityreporter.txtnvdExploit
- secunia.com/advisories/26167nvdVendor Advisory
- www.securityfocus.com/bid/25027nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35591nvd
News mentions
0No linked articles in our index yet.