239 matches found
PT-2024-4530 · Cyberpower · Cyberpower Powerpanel Enterprise
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3 Description: The issue is related to a SQL injection vulnerability in the query contract result function of the MCUDBHelper component in the corporate version of the PowerPanel Enterpri...
The vulnerability of the PowerPanel Business’s monitoring and power source management system lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL code and write arbitrary files.
The vulnerability of the PowerPanel Business monitoring and power source management system lies in the lack of measures taken to protect the SQL query structure during the processing of MQTT messages. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code and write...
The vulnerability of the PowerPanel Business’s monitoring and management system for uninterruptible power sources lies in the storage of passwords in a recoverable format, which allows an intruder to gain unauthorized access to protected information.
The vulnerability of the PowerPanel Business monitoring and power source management system lies in the storage of passwords in a recoverable format. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the PowerPanel Business’s monitoring and control system regarding authentication procedures allows unauthorized access by intruders to protected information.
The vulnerability of the PowerPanel Business monitoring and power source management system is related to deficiencies in authentication procedures, due to the absence of blocking mechanisms for substitution signs. Exploiting this vulnerability could allow an attacker operating remotely to gain...
The vulnerability of the PowerPanel Business monitoring and power source management system, related to the use of pre-installed account data, allows a perpetrator to increase their privileges.
The vulnerability of the PowerPanel Business monitoring and power source management system is related to the use of pre-installed account data. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...
The vulnerability of the PowerPanel Business’s monitoring and management system for power sources involves insufficient protection of operational data during code debugging. This allows attackers to gain unauthorized access to account information and increase their privileges.
The vulnerability of the PowerPanel Business monitoring and power source management system is related to insufficient protection of operational data during code debugging. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to account information a...
The vulnerability of the PowerPanel Business monitoring and power source management system lies in the use of a strictly encrypted cryptographic key. This allows attackers to impersonate other users and send malicious data into the system.
The vulnerability of the PowerPanel Business monitoring and power source management system lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability allows an attacker to impersonate another user and send malicious data into the system...
The vulnerability of the PowerPanel Business monitoring and power source management system, related to errors in processing the relative path to the catalog, allows a perpetrator to execute arbitrary code.
The vulnerability of the PowerPanel Business monitoring and power source management system is related to errors in processing the relative path to the catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created zip file...
The vulnerability of the PowerPanel Business monitoring and power source management system, related to the use of strictly encrypted account data, allows a intruder to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the PowerPanel Business monitoring and power source management system lies in the use of strictly encrypted account data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information and enhance their privileg...
CyberPower PowerPanel Business
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: CyberPower Equipment: PowerPanel business Vulnerabilities: Use of Hard-coded Password, Relative Path Traversal, Use of Hard-coded Credentials, Active Debug Code, Storing Passwords in a...
PT-2024-3241 · Cyberpower · Cyberpower Powerpanel
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel affected versions not specified Description: The issue is related to the processing of relative paths in the PowerPanel system, which can be exploited by importing a specially crafted Zip file containing path traversal...
PT-2024-3237 · Cyberpower · Cyberpower Powerpanel
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel affected versions not specified Description: The issue is related to the use of a hard-coded cryptographic key in the system, which allows an attacker to impersonate any client and send malicious data. This can be...
PT-2024-3236 · Cyberpower · Cyberpower Powerpanel
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel affected versions not specified Description: The issue is related to the CyberPower PowerPanel system, where certain MQTT wildcards are not blocked, potentially allowing an attacker to obtain data from throughout the...
PT-2024-3242 · Cyberpower · Cyberpower Powerpanel
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel business application affected versions not specified Description: The issue is related to a hard-coded set of authentication credentials in the CyberPower PowerPanel business application code. This could allow an attacke...
PT-2024-3238 · Cyberpower · Cyberpower Powerpanel Business
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Business affected versions not specified Description: The issue is related to the lack of protection for the SQL query structure when processing MQTT messages. This could allow a remote attacker to execute arbitrary SQL...
PT-2024-3240 · Cyberpower · Cyberpower Powerpanel
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel affected versions not specified Description: The issue is related to hard-coded credentials used by the CyberPower PowerPanel platform for authentication to the database, other services, and the cloud. This could allow a...
PT-2024-6574 · Cyberpower · Cyberpower Powerpanel Enterprise
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3 Description: A sql injection vulnerability exists in the query ptask lean function within MCUDBHelper, allowing an unauthenticated remote attacker to leak sensitive information. The...
CyberPower PowerPanel Enterprise Detection
Binary data cyberpowerppedetect.nbin...
CyberPower PowerPanel Enterprise Authentication Bypass (CVE-2023-3265)
Binary data cyberpowerppecve-2023-3265.nbin...
CVE-2023-3266
A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an...