12 matches found
EUVD-2020-22024
Malware in sbrugna...
EUVD-2020-22023
Malware in sbrugna...
CVE-2020-29666
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...
CVE-2020-29667
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
Lan ATMService M3 ATM Monitoring System Directory Traversal Vulnerability
Lan ATMService M3 ATM Monitoring System is a software for monitoring ATM machines from the Russian company Lan ATMService. A directory traversal vulnerability exists in Lan ATMService M3 ATM Monitoring System 6.1.0. An attacker can use this vulnerability to view log files in /websocket/logs/ that...
CVE-2020-29666
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...
CVE-2020-29667
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
Directory traversal
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...
Session fixation
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
CVE-2020-29667
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
CVE-2020-29667
The CVE-2020-29667 entry affects Lan ATMService M3 ATM Monitoring System 6.1.0. Reported weakness: Insufficient session expiration enabled by using a default cookie value (e.g., PHPSESSID=LANIT-IMANAGER), which an unauthenticated remote attacker can exploit to gain control over the system. Connec...
CVE-2020-29666
The CVE-2020-29666 issue affects Lan ATMService M3 ATM Monitoring System 6.1.0. A directory-listing vulnerability in the web interface allows a remote attacker to read log files under /websocket/logs/ that contain a user cookie and the predefined developer cookie value. The underlying root cause ...