19 matches found
Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Scanner", 'Description' = %q This module scans for HTTP servers that appear to be...
Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Authentication Bypass", 'Description' = %q This module exploits HTTP servers that...
plantamedia.org Cross Site Scripting vulnerability OBB-3946367
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
odindesignthemes.com Cross Site Scripting vulnerability OBB-3887059
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ncrjobs.in Cross Site Scripting vulnerability OBB-3844985
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
edojudiciary.gov.ng Improper Access Control vulnerability OBB-1237877
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
gamesonomy.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1161401 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2014-9222
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/allegrorompagermisfortunecookie.rb
2018-05-29 15:50:33+00:00 | seen | ...
New Mirai Variant Roars into Action With 54 Hour DDoS Attacks
A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website. Th...
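Allegro v4.34 Privilege Escalation Vulnerability
Allegro v4.34 Privilege Escalation Vulnerability 1. Vulnerability analysis: A serious vulnerability exists in RomPager versions before 4.34 (the RomPager software has been around for more than 10 years). It is called the Misfortune Cookie because it lets an attacker control the "fortune" of an HTTP request by manipulating cookies. The vulnerability is tracked as CVE-2014-9222. If an attacker sends a specific request to a vulnerable RomPager server, the memory of this class of gateway device is corrupted and the attacker gains administrative privileges. The vulnerability affects the security of 12 million routers worldwide; D-Link, TP-Link, Huawei, ZTE and other brands are affected, and attackers can use the vulnerability to remotely control devices and monitor traffic...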
Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
Nessus was able to overwrite the request path by sending a specially crafted cookie to the remote web server. It is, therefore, affected by multiple vulnerabilities: - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrati...
Immunity Canvas: CVE_2014_9222
Name | CVE20149222
---|---
CVE | CVE-2014-9222
Exploit Pack | CANVAS
Description | CVE-2014-9222 Misfortune Cookie
Notes | CVE Name: CVE-2014-9222 VENDOR: Alegro Notes: This module exploits the arbitrary memory overwrite vulnerability in RomPager embedded web-server, which was originally introduced by...
CVE-2014-9222
CVE-2014-9222 corresponds to the Misfortune Cookie vulnerability in Allegro RomPager, affecting RomPager embedded web servers 4.01–4.34 (used in Huawei Home Gateway and Capsule DTS). The flaw allows remote attackers to gain administrator privileges by sending a crafted HTTP cookie that triggers m...
Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)
According to its banner, the remote host is running a version of Allegro Software RomPager 4.07 to 4.33. It is, therefore, affected by multiple vulnerabilities: - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative...
Vulnerability warning: "doom cookie" Misfortune Cookie vulnerability affects 1200 million routers globally - vulnerability warning - the black bar safety net
A serious vulnerability called "doom cookie" (Misfortune Cookie) is affecting the security of 1200 million routers globally. D-Link, TP-Link, Huawei, ZTE and other brands are affected, and an attacker can use the vulnerability to remotely control devices and monitor traffic. Learn about the "doom...
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability, which affects Allegro Software RomPager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials. This module...
Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway
RomPager is the embedded web server from AllegroSoft. The RomPager component has two vulnerabilities. Some Huawei Home Gateway products use the RomPager component and are affected by these two vulnerabilities. RomPager Authentication Security Bypass – Misfortune Cookie: The vulnerability is due to an...
Multiple broadband routers use vulnerable versions of Allegro RomPager
Overview: Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases. Description: Many home and office/home office SOHO routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to...
RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)
An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. A remote attacker could exploit this vulnerability to access the RomPager web server with administrator privileges...