CVE-2007-4151 Information

Description

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to obtain sensitive information via (1) a LOG.ON command which reveals the logging pathname in the server response; (2) a VER command which reveals the version number in the server response; and (3) a connection which reveals the version number in the banner.

Reference

http://osvdb.org/46981 http://osvdb.org/46982 http://osvdb.org/46983 http://www.portcullis.co.uk/uplds/advisories/vapathdisclosure2006-043.txt http://www.portcullis.co.uk/uplds/advisories/vaversiondisclosure2006_046.txt http://www.securityfocus.com/bid/25153