10 matches found
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
Design/Logic Flaw
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
CVE-2021-3113
Summary: CVE-2021-3113 affects Netsia SEBA+ up to version 0.16.1 build 70-e669dcd7. A direct request to /session/list/allActiveSession can disclose session cookies, potentially exposing an admin’s cookie and enabling admin access if an admin is logged in at the time of the request. Impact (as sta...
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
Session Information Disclosure Vulnerability
Session is a new type of encrypted private messenger open-sourced by Oxen. An information disclosure vulnerability exists in Netsia SEBA+ version 0.16.1 build 70-e669dcd7, which can be exploited by an attacker to discover a session cookie via a direct session list allActiveSession request...
Netsia SEBA+ 0.16.1 Authentcation Bypass / Add Root User
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsia SEBA+ %q This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user. HTTP requests made to the...
Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsia SEBA+ %q This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user. HTTP requests made to the...