Lucene search
+L

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.8 views

CVE-2021-3113

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...

7.5CVSS7AI score0.03162EPSS
Exploits1References1
NVD
NVD
added 2021/01/17 3:15 a.m.15 views

CVE-2021-3113

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...

7.5CVSS7.5AI score0.03162EPSS
Exploits1References3
OSV
OSV
added 2021/01/17 3:15 a.m.2 views

CVE-2021-3113

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...

7.5CVSS7.1AI score0.03162EPSS
Exploits1References3
Prion
Prion
added 2021/01/17 3:15 a.m.14 views

Design/Logic Flaw

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...

5CVSS7.5AI score0.03162EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/01/17 3:15 a.m.4 views

CVE-2021-3113

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...

7.5CVSS7.1AI score0.03162EPSS
Exploits1References4
CVE
CVE
added 2021/01/17 2:33 a.m.114 views

CVE-2021-3113

Summary: CVE-2021-3113 affects Netsia SEBA+ up to version 0.16.1 build 70-e669dcd7. A direct request to /session/list/allActiveSession can disclose session cookies, potentially exposing an admin’s cookie and enabling admin access if an admin is logged in at the time of the request. Impact (as sta...

7.5CVSS7.4AI score0.03162EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/01/17 2:33 a.m.24 views

CVE-2021-3113

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...

7.7AI score0.03162EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/01/16 12:0 a.m.7 views

Session Information Disclosure Vulnerability

Session is a new type of encrypted private messenger open-sourced by Oxen. An information disclosure vulnerability exists in Netsia SEBA+ version 0.16.1 build 70-e669dcd7, which can be exploited by an attacker to discover a session cookie via a direct session list allActiveSession request...

7.5CVSS7.1AI score0.03162EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2021/01/15 12:0 a.m.277 views

Netsia SEBA+ 0.16.1 Authentcation Bypass / Add Root User

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsia SEBA+ %q This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user. HTTP requests made to the...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/15 12:0 a.m.242 views

Netsia SEBA+ 0.16.1 - Add Root User (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsia SEBA+ %q This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user. HTTP requests made to the...

7.4AI score
Exploits0
Rows per page
Query Builder