Faronics Insight Code Issue Vulnerability
Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which stems from the ability of an unauthenticated attacker to upload any type of file to any location on the teacher's end of the computer, whi...
CVE-2023-28353
CVE-2023-28353 affects Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker can upload arbitrary files to any location on the Teacher Console computer, enabling multiple exploitation paths including achievable code execution and the potential to chain with other flaws to run a DLL ...
CVE-2023-28351
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...
CVE-2023-28350
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged...
CVE-2023-28347
The CVE-2023-28347 issue affects Faronics Insight 10.0.19045 on Windows. A cross-site scripting flaw in the Teacher Console can be exploited by a PoC that mimics the Student Console, enabling unauthenticated attackers to achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Studen...
Faronics Insight Cross-Site Scripting Vulnerability
Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which stems from a cross-site scripting vulnerability that can be exploited on the teacher's side by creating a proof-of-concept script similar ...
Faronics Insight Cross-Site Scripting Vulnerability
Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which stems from the use of a man-in-the-middle attack to present unescaped content on the Teacher's side and the Student's side, thereby...
CVE-2023-28352
CVE-2023-28352 affects Faronics Insight 10.0.19045 on Windows. The issue stems from abusing the Insight UDP broadcast discovery system, enabling an attacker‑controlled artificial Student Console to connect to and attack a Teacher Console even after Enhanced Security Mode is enabled. CVSS v3.1 bas...
CVE-2023-28345
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to t...
CVE-2023-28344
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots ...
Faronics Insight Log Information Disclosure Vulnerability
Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which stems from the fact that the student's end records every input made on the computer and stores it in a publicly accessible location...
CVE-2023-28349
CVE-2023-28349 affects Faronics Insight on Windows (v10.0.19045). A crafted program that mimics the Teacher Console can cause Student Consoles to connect and, with NT AUTHORITY/SYSTEM permissions, write arbitrary files to arbitrary locations, enabling remote code execution. The vulnerability aris...
Faronics Insight Security Vulnerability
Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045 that originates from an unauthenticated attacker being able to view continually updated screenshots of a student's desktop and submit a forged...
CVE-2023-28352
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled...
Security Bulletin: Apache Commons Text vulnerability affects Netcool Operations Insight [CVE-2022-42889]
Summary: Apache Commons Text vulnerability affects Netcool Operations Insight. Apache Commons Text is used by multiple Netcool Operations Insight Services. The vulnerability has been addressed (CVE-2022-42889). Vulnerability Details: CVEID: CVE-2022-42889. DESCRIPTION: OX AppSuite could allow a remote...
Fedora: Security Advisory for dokuwiki (FEDORA-2023-9e5f85ad02)
The remote host is missing an update for the...
Authorization
Improper Authorization vulnerability in the OTRS AG OTRS 8 Websocket API backend allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user. Fuzzing for...
CVE-2023-2273
Rapid7 Insight Agent token handler versions 3.2.6 and below suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...
Path traversal
Rapid7 Insight Agent token handler versions 3.2.6 and below suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...