Directory traversal

In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value...

CVE-2020-29667

The CVE-2020-29667 entry affects Lan ATMService M3 ATM Monitoring System 6.1.0. Reported weakness: Insufficient session expiration enabled by using a default cookie value (e.g., PHPSESSID=LANIT-IMANAGER), which an unauthenticated remote attacker can exploit to gain control over the system. Connec...

CVE-2020-29667

In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...

CVE-2020-29666

The CVE-2020-29666 issue affects Lan ATMService M3 ATM Monitoring System 6.1.0. A directory-listing vulnerability in the web interface allows a remote attacker to read log files under /websocket/logs/ that contain a user cookie and the predefined developer cookie value. The underlying root cause ...

Lan ATMService M3 ATM Code Issue Vulnerability

Lan ATMService M3 ATM Monitoring System is a software that can be used to monitor ATM machines from the Russian company Lan ATMService. A security vulnerability exists in Lan ATMService M3 ATM 6.1.0, which can be exploited by an attacker to gain control over system sessions that do not expire...