89 matches found
CVE-2023-39980
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...
CVE-2023-39983
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application...
CVE-2023-39979
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...
CVE-2023-39979
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...
Authentication flaw
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...
Sql injection
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...
CVE-2023-39983 MXsecurity Register Database Pollution
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application...
CVE-2023-39983
Affected software: MXsecurity (nsm-web UI) prior to v1.0.1. What is vulnerable: A vulnerability allowing an unauthenticated remote attacker to register or add devices via the nsm-web application, potentially polluting the MXsecurity sqlite database. Root cause / details: Documented across multipl...
CVE-2023-39983 MXsecurity Register Database Pollution
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application...
CVE-2023-39982
MXsecurity versions prior to v1.0.1 contain a hard-coded SSH host key that may allow man-in-the-middle attacks and decryption of SSH traffic, compromising confidentiality and integrity. The issue affects the MXsecurity platform’s SSH communications on affected devices. Remediation acknowledged in...
CVE-2023-39982 MXsecurity Hardcoded Credential
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...
CVE-2023-39982 MXsecurity Hardcoded Credential
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...
CVE-2023-39981 MXsecurity Device Information Disclosure
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker...
CVE-2023-39981 MXsecurity Device Information Disclosure
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker...
CVE-2023-39981
MXsecurity is vulnerable in versions prior to 1.0.1 due to inadequate authentication, enabling a remote attacker to disclose device information. The CVE-2023-39981 description specifies unauthorized access as the risk, with the base CVSS v3.1 metrics indicating high impact on confidentiality and ...
CVE-2023-39980 MXsecurity Authenticated Information Disclosure Due to SQL Injection
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...
CVE-2023-39980
CVE-2023-39980 affects MXsecurity prior to v1.0.1. The issue is SQL injection caused by improper neutralization of certain elements, enabling a remote attacker to alter SQL commands and disclose authenticated information. A fix is available: upgrade MXsecurity to v1.0.1 or later. Evidence from mu...
CVE-2023-39980 MXsecurity Authenticated Information Disclosure Due to SQL Injection
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...
CVE-2023-39979 MXsecurity Authentication Bypass
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...
CVE-2023-39979 MXsecurity Authentication Bypass
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...