
19 matches found

Packet Storm
added 2024/09/01 12:0 a.m. | 425 views

Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Scanner", 'Description' = %q This module scans for HTTP servers that appear to be...

CVSS 10 | AI score 7 | EPSS 0.63748
Exploits 12
Packet Storm
added 2024/08/31 12:0 a.m. | 320 views

Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Authentication Bypass", 'Description' = %q This module exploits HTTP servers that...

CVSS 10 | AI score 7 | EPSS 0.63748
Exploits 12
Openbugbounty
added 2024/07/16 11:22 a.m. | 7 views

plantamedia.org Cross Site Scripting vulnerability OBB-3946367

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Openbugbounty
added 2024/03/26 1:51 p.m. | 6 views

odindesignthemes.com Cross Site Scripting vulnerability OBB-3887059

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Openbugbounty
added 2024/01/28 6:28 a.m. | 12 views

ncrjobs.in Cross Site Scripting vulnerability OBB-3844985

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Openbugbounty
added 2020/07/25 10:44 a.m. | 9 views

edojudiciary.gov.ng Improper Access Control vulnerability OBB-1237877

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 7.2
Exploits 0
Openbugbounty
added 2020/05/14 1:28 p.m. | 8 views

gamesonomy.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1161401. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

AI score 6.2
Exploits 0
Circl
added 2018/05/29 3:50 p.m. | 28 views

CVE-2014-9222

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/allegrorompagermisfortunecookie.rb
2018-05-29 15:50:33+00:00 | seen | ...

CVSS 10 | AI score 7.4 | EPSS 0.63748
Exploits 12 | References 5
ThreatPost
added 2017/03/30 2:50 p.m. | 60 views

New Mirai Variant Roars into Action With 54 Hour DDoS Attacks

A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website. Th...

CVSS 10 | AI score 0.7 | EPSS 0.89294
Exploits 62 | References 3
seebug.org
added 2015/05/07 12:0 a.m. | 174 views

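Allegro v4.34 Privilege Escalation Vulnerability

Allegro v4.34 Privilege Escalation Vulnerability 1. Vulnerability analysis: RomPager versions before 4.34 (the RomPager software has been around for more than 10 years) contain a serious vulnerability known as the Misfortune Cookie, so named because it lets an attacker control the "fortune" of an HTTP request by manipulating cookies. The vulnerability is tracked as CVE-2014-9222. If an attacker sends a specific request to a vulnerable RomPager server, the memory of this kind of gateway device becomes corrupted and the attacker gains administrative privileges. The vulnerability affects the security of 12 million routers worldwide; D-Link, TP-Link, Huawei, ZTE and other brands are affected, and an attacker can use it to remotely control devices and monitor traffic...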

CVSS 10 | AI score 8.7 | EPSS 0.63748
Exploits 12
Tenable Nessus
added 2014/12/30 12:0 a.m. | 562 views

Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)

Nessus was able to overwrite the request path by sending a specially crafted cookie to the remote web server. It is, therefore, affected by multiple vulnerabilities : - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrati...

CVSS 10 | AI score 8.8 | EPSS 0.63748
Exploits 12 | References 6
canvas
added 2014/12/24 6:59 p.m. | 90 views

Immunity Canvas: CVE_2014_9222

Name | CVE20149222
---|---
CVE | CVE-2014-9222
Exploit Pack | CANVAS
Description | CVE-2014-9222 Misfortune Cookie
Notes | CVE Name: CVE-2014-9222 VENDOR: Alegro Notes: This module exploits the arbitrary memory overwrite vulnerability in RomPager embedded web-server, which was originally introduced by...

CVSS 10 | AI score 8.3 | EPSS 0.63748
Exploits 12
CVE
added 2014/12/24 6:0 p.m. | 204 views

CVE-2014-9222

CVE-2014-9222 corresponds to the Misfortune Cookie vulnerability in Allegro RomPager, affecting RomPager embedded web servers 4.01–4.34 (used in Huawei Home Gateway and Capsule DTS). The flaw allows remote attackers to gain administrator privileges by sending a crafted HTTP cookie that triggers m...

CVSS 10 | AI score 7.7 | EPSS 0.63748
Exploits 12 | References 6 | Affected Software 1
Tenable Nessus
added 2014/12/24 12:0 a.m. | 1396 views

Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie)

According to its banner, the remote host is running a version of Allegro Software RomPager 4.07 to 4.33. It is, therefore, affected by multiple vulnerabilities : - A flaw in HTTP cookie management in the embedded web server allows a remote attacker to execute arbitrary code with administrative...

CVSS 10 | AI score 8.8 | EPSS 0.63748
Exploits 12 | References 6
myhack58
added 2014/12/22 12:0 a.m. | 17 views

Vulnerability warning: "doom cookie" (Misfortune Cookie) vulnerability affects 12 million routers worldwide - vulnerability warning - the black bar safety net

A serious vulnerability called "doom cookie" (Misfortune Cookie) is affecting the security of 12 million routers worldwide. D-Link, TP-Link, Huawei, ZTE and other brands are affected, and an attacker can use the vulnerability to remotely control devices and monitor traffic. Learn about the "doom...

AI score 1
Exploits 0
Metasploit
added 2014/12/19 1:21 a.m. | 63 views

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner

This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials. This module...

CVSS 10 | AI score 8.2 | EPSS 0.63748
Exploits 12
Huawei
added 2014/12/19 12:0 a.m. | 71 views

Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway

RomPager is the embedded web server from AllegroSoft. The RomPager component has two vulnerabilities. Some Huawei Home Gateway products use the RomPager component and are affected by these two vulnerabilities. RomPager Authentication Security Bypass – Misfortune Cookie: The vulnerability is due to an...

CVSS 10 | AI score 2.7 | EPSS 0.63748
Exploits 12 | Affected Software 2
CERT
added 2014/12/19 12:0 a.m. | 221 views

Multiple broadband routers use vulnerable versions of Allegro RomPager

Overview Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases. Description Many home and office/home office SOHO routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to...

CVSS 10 | AI score 9.2 | EPSS 0.63748
Exploits 12 | References 5
Check Point Advisories
added 2014/12/03 12:0 a.m. | 15 views

RomPager Authentication Security Bypass - Misfortune Cookie (CVE-2014-9222)

An authentication bypass vulnerability exists in RomPager Server. The vulnerability is due to an insecure design in the RomPager Server. Remote attacker could exploit this vulnerability to access the RomPager web-server under administrator privileges...

CVSS 10 | AI score 4.1 | EPSS 0.63748
Exploits 12