13 matches found
EUVD-2020-22023
Malware in sbrugna...
EUVD-2020-22024
Malware in sbrugna...
CVE-2020-29666
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...
CVE-2020-29667
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
The vulnerability of ScrutisWeb monitoring software for bank ATMs lies in its ability to download files of a malicious nature without limitation, allowing an attacker to execute arbitrary code.
The vulnerability of ScrutisWeb banknote monitoring software lies in its ability to download unlimited amounts of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by downloading any file...
Lan ATMService M3 ATM Monitoring System Directory Traversal Vulnerability
Lan ATMService M3 ATM Monitoring System is a software for monitoring ATM machines from the Russian company Lan ATMService. A directory traversal vulnerability exists in Lan ATMService M3 ATM Monitoring System 6.1.0. An attacker can use this vulnerability to view log files in /websocket/logs/ that...
CVE-2020-29666
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...
CVE-2020-29667
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
Directory traversal
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...
Session fixation
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
CVE-2020-29667
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
CVE-2020-29667
The CVE-2020-29667 entry affects Lan ATMService M3 ATM Monitoring System 6.1.0. Reported weakness: Insufficient session expiration enabled by using a default cookie value (e.g., PHPSESSID=LANIT-IMANAGER), which an unauthenticated remote attacker can exploit to gain control over the system. Connec...
CVE-2020-29666
The CVE-2020-29666 issue affects Lan ATMService M3 ATM Monitoring System 6.1.0. A directory-listing vulnerability in the web interface allows a remote attacker to read log files under /websocket/logs/ that contain a user cookie and the predefined developer cookie value. The underlying root cause ...