Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by eye.fi
CVE-2008-7139 (GCVE-0-2008-7139)
Vulnerability from nvd – Published: 2009-09-01 16:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28085 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489045/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.informit.com/articles/article.aspx?p=1177111 | x_refsource_MISC |
| http://secunia.com/advisories/29221 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/42718 | vdb-entryx_refsource_OSVDB |
Date Public
2008-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-wsproxy-csrf(40995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995"
},
{
"name": "42718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-wsproxy-csrf(40995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995"
},
{
"name": "42718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "http://www.informit.com/articles/article.aspx?p=1177111",
"refsource": "MISC",
"url": "http://www.informit.com/articles/article.aspx?p=1177111"
},
{
"name": "29221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-wsproxy-csrf(40995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995"
},
{
"name": "42718",
"refsource": "OSVDB",
"url": "http://osvdb.org/42718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7139",
"datePublished": "2009-09-01T16:00:00.000Z",
"dateReserved": "2009-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7138 (GCVE-0-2008-7138)
Vulnerability from nvd – Published: 2009-09-01 16:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28085 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489045/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/29221 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/42719 | vdb-entryx_refsource_OSVDB |
| http://www.informit.com/articles/article.aspx?p=1… | x_refsource_MISC |
Date Public
2008-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "42719",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "42719",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "29221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29221"
},
{
"name": "42719",
"refsource": "OSVDB",
"url": "http://osvdb.org/42719"
},
{
"name": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2",
"refsource": "MISC",
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7138",
"datePublished": "2009-09-01T16:00:00.000Z",
"dateReserved": "2009-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7137 (GCVE-0-2008-7137)
Vulnerability from nvd – Published: 2009-09-01 16:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28085 | vdb-entryx_refsource_BID |
| http://osvdb.org/42720 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/489045/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.informit.com/articles/article.aspx?p=1… | x_refsource_MISC |
| http://secunia.com/advisories/29221 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "42720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42720"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-url-dos(40996)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "42720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42720"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-url-dos(40996)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "42720",
"refsource": "OSVDB",
"url": "http://osvdb.org/42720"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3",
"refsource": "MISC",
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3"
},
{
"name": "29221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-url-dos(40996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7137",
"datePublished": "2009-09-01T16:00:00.000Z",
"dateReserved": "2009-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7139 (GCVE-0-2008-7139)
Vulnerability from cvelistv5 – Published: 2009-09-01 16:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28085 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489045/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.informit.com/articles/article.aspx?p=1177111 | x_refsource_MISC |
| http://secunia.com/advisories/29221 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/42718 | vdb-entryx_refsource_OSVDB |
Date Public
2008-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-wsproxy-csrf(40995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995"
},
{
"name": "42718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-wsproxy-csrf(40995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995"
},
{
"name": "42718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "http://www.informit.com/articles/article.aspx?p=1177111",
"refsource": "MISC",
"url": "http://www.informit.com/articles/article.aspx?p=1177111"
},
{
"name": "29221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-wsproxy-csrf(40995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40995"
},
{
"name": "42718",
"refsource": "OSVDB",
"url": "http://osvdb.org/42718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7139",
"datePublished": "2009-09-01T16:00:00.000Z",
"dateReserved": "2009-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7137 (GCVE-0-2008-7137)
Vulnerability from cvelistv5 – Published: 2009-09-01 16:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28085 | vdb-entryx_refsource_BID |
| http://osvdb.org/42720 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/489045/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.informit.com/articles/article.aspx?p=1… | x_refsource_MISC |
| http://secunia.com/advisories/29221 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "42720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42720"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-url-dos(40996)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "42720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42720"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-url-dos(40996)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "42720",
"refsource": "OSVDB",
"url": "http://osvdb.org/42720"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3",
"refsource": "MISC",
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=3"
},
{
"name": "29221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29221"
},
{
"name": "eyefimanager-url-dos(40996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7137",
"datePublished": "2009-09-01T16:00:00.000Z",
"dateReserved": "2009-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7138 (GCVE-0-2008-7138)
Vulnerability from cvelistv5 – Published: 2009-09-01 16:00 – Updated: 2024-08-07 11:56
VLAI
EPSS
VEX
Summary
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28085 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489045/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/29221 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/42719 | vdb-entryx_refsource_OSVDB |
| http://www.informit.com/articles/article.aspx?p=1… | x_refsource_MISC |
Date Public
2008-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "42719",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "29221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29221"
},
{
"name": "42719",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28085"
},
{
"name": "20080303 Airscanner Mobile Security Advisory #07122001: Eye-Fi Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489045/100/0/threaded"
},
{
"name": "29221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29221"
},
{
"name": "42719",
"refsource": "OSVDB",
"url": "http://osvdb.org/42719"
},
{
"name": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2",
"refsource": "MISC",
"url": "http://www.informit.com/articles/article.aspx?p=1177111\u0026seqNum=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7138",
"datePublished": "2009-09-01T16:00:00.000Z",
"dateReserved": "2009-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}