Vulnerabilities (CVE)

Filtered by vendor Eye.fi Subscribe
Filtered by product Eye-fi Manager
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-7137 1 Eye.fi 1 Eye-fi Manager 2024-02-28 5.0 MEDIUM N/A
WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty query string to port 59278 and other unspecified vectors.
CVE-2008-7139 1 Eye.fi 1 Eye-fi Manager 2024-02-28 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload.
CVE-2008-7138 1 Eye.fi 1 Eye-fi Manager 2024-02-28 5.0 MEDIUM N/A
The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allows remote attackers to bypass authentication and upload arbitrary images by guessing the snonce.