24 matches found
EUVD-2011-4614
Malware in sbrugna...
EUVD-2008-7097
Malware in sbrugna...
EUVD-2008-7096
Malware in sbrugna...
EUVD-2008-7098
Malware in sbrugna...
CVE-2011-4696
Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. dot dot in the filesignature in a GetPhotoStatus request...
Directory traversal
Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. dot dot in the filesignature in a GetPhotoStatus request...
CVE-2011-4696
Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. dot dot in the filesignature in a GetPhotoStatus request...
CVE-2011-4696
CVE-2011-4696: A directory traversal in Eye-Fi Helper before 3.4.23 allows an attacker to create arbitrary files via .. in the filesignature of a GetPhotoStatus request. The issue could enable overwriting arbitrary files and may lead to DoS or arbitrary code execution. Affected product: Eye-Fi He...
Eye-Fi Helper Detection
The Eye-Fi Helper software, which is used to transfer photos wirelessly to a computer, is listening on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65687; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Eye-Fi Helper...
Eye-Fi Helper < 3.4.23 Directory Traversal
The version of Eye-Fi Helper installed on the remote host is a version prior to 3.4.23. It is, therefore, affected by a directory traversal vulnerability because it fails to properly sanitize user- supplied input. An attacker could exploit this issue to overwrite arbitrary files on the vulnerable...
CVE-2008-7139
Multiple cross-site request forgery CSRF vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of 1 urn:SetOptions for autostart, 2 urn:SetDesktopSync for file upload, or 3...
CVE-2008-7137
WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service crash via an empty query string to port 59278 and other unspecified vectors...
CVE-2008-7138
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of 1 urn:SetOptions for autostart, 2 urn:SetDesktopSync for file upload, or 3...
Authentication flaw
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce...
CVE-2008-7138
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce...
CVE-2008-7137
WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service crash via an empty query string to port 59278 and other unspecified vectors...
CVE-2008-7139
CVE-2008-7139 covers multiple CSRF vulnerabilities in Eye-Fi’s WS-Proxy (Eye-Fi 1.1.2). The flaws allow remote attackers to hijack user authentication for requests that modify configuration via SOAPAction URIs: urn:SetOptions (autostart), urn:SetDesktopSync (file upload), urn:SetFolderConfig (fil...
CVE-2008-7138
The CVE-2008-7138 entry identifies Eye-Fi Manager 1.1.2 as affected. The issue is that the Manager generates predictable snonce values tied to the time of day, enabling remote attackers to bypass authentication and upload arbitrary images by guessing the snonce. Connected documents corroborate th...
CVE-2008-7137
The CVE-2008-7137 entry concerns Eye-Fi’s WS-Proxy component (Eye-Fi 1.1.2). It states that remote denial of service is possible, crashing the service via an empty query string to port 59278 and mentions other unspecified vectors. The available connected documents provide this high‑level impact b...