153 matches found
CVE-2023-3260
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the user-name URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary commands on the underlying Linux operating system...
CVE-2023-3261
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...
Buffer overflow
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...
Hardcoded credentials
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...
Command injection
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the user-name URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary commands on the underlying Linux operating system...
Authentication flaw
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rogue database. Successful exploitation allows the...
CVE-2023-3264
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...
CVE-2023-3264
CVE-2023-3264 affects CyberPower PowerPanel Enterprise DCIM (and is listed with a CVSS 3.1 vector of 6.7). The vulnerability is described as Use of Hard-coded Credentials, enabling authentication bypass in the CyberPower PowerPanel Enterprise component. The Trellix/TRELLIX blog and related Red Ha...
CVE-2023-3263
CVE-2023-3263 affects the Dataprobe iBoot PDU (firmware 1.43.03312023 and earlier). The vulnerability is an authentication bypass in the REST API caused by mishandling of special characters when parsing credentials, enabling an attacker to obtain a valid authorization token and read the relays/po...
CVE-2023-3263
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials. Successful exploitation allows the malicious agent to obtain a valid authorization token and read...
CVE-2023-3262
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...
CVE-2023-3262
The CVE-2023-3262 entry concerns Dataprobe iBoot PDU firmware ≤1.43.03312023 that uses hard-coded credentials to interact with the internal Postgres database. A local attacker capable of executing OS commands on the device can read, modify, or delete arbitrary database records. The Trellix analys...
CVE-2023-3261
The CVE-2023-3261 entry corresponds to a buffer overflow in Dataprobe iBoot PDU firmware (
CVE-2023-3261
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary...
CVE-2023-3260
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the user-name URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary commands on the underlying Linux operating system...
CVE-2023-3260
CVE-2023-3260 affects the Dataprobe iBoot PDU; firmware versions 1.43.03312023 and earlier are vulnerable to OS command injection via the user-name URL parameter. An authenticated attacker can execute arbitrary commands on the underlying Linux OS. Public sources corroborate an authenticated RCE v...