
239 matches found

NVD
added 2023/08/14 5:15 a.m. · 7 views

CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

9.1 CVSS · 9.4 AI score · 0.00325 EPSS
Exploits 0 · References 1
OSV
added 2023/08/14 5:15 a.m. · 5 views

CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

8.8 CVSS · 6.1 AI score · 0.00325 EPSS
Exploits 0 · References 1
NVD
added 2023/08/14 5:15 a.m. · 11 views

CVE-2023-3265

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this...

9.8 CVSS · 9.7 AI score · 0.00193 EPSS
Exploits 0 · References 1
OSV
added 2023/08/14 5:15 a.m. · 0 views

CVE-2023-3265

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Prion
added 2023/08/14 5:15 a.m. · 19 views

Design/Logic Flaw

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

6.5 CVSS · 8.8 AI score · 0.00325 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/08/14 5:15 a.m. · 19 views

Hardcoded credentials

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this...

7.5 CVSS · 9.5 AI score · 0.00193 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/08/14 4:11 a.m. · 43 views

CVE-2023-3267

CVE-2023-3267 affects CyberPower PowerPanel Enterprise DCIM. The vulnerability is an OS command injection where an authenticated user can place arbitrary commands in the username field, which is passed un-sanitized into CMD running with SYSTEM privileges. This yields authenticated remote code exe...

9.1 CVSS · 8.8 AI score · 0.00325 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/08/14 4:11 a.m. · 11 views

CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

9.1 CVSS · 7.8 AI score · 0.00325 EPSS
Exploits 0 · References 1
CVE
added 2023/08/14 4:9 a.m. · 42 views

CVE-2023-3266

CVE-2023-3266 affects CyberPower PowerPanel Enterprise DCIM. The vulnerability is an improperly implemented security check for standard authentication, enabling an attacker to bypass authentication when LDAP authentication is selected. An unauthenticated attacker could log in as an administrator...

9.8 CVSS · 9.5 AI score · 0.0011 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/08/14 4:9 a.m. · 13 views

CVE-2023-3266

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an...

9.8 CVSS · 9.8 AI score · 0.0011 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/08/14 4:9 a.m. · 19 views

CVE-2023-3266

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an...

9.8 CVSS · 7 AI score · 0.0011 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/08/14 4:8 a.m. · 9 views

CVE-2023-3265

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenticated attacker can leverage this...

9.8 CVSS · 7.1 AI score · 0.00193 EPSS
Exploits 0 · References 1
CVE
added 2023/08/14 4:8 a.m. · 46 views

CVE-2023-3265

CVE-2023-3265 concerns CyberPower PowerPanel Enterprise DCIM. The flaw is "Improper Neutralization of Escape, Meta, or Control Sequences" due to inadequate sanitization of the username metacharacters, enabling an unauthenticated attacker to log in as an administrator with hardcoded default creden...

9.8 CVSS · 9.5 AI score · 0.00193 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/08/14 12:0 a.m. · 2 views

CyberPower PowerPanel Business Edition Security Vulnerability

Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...

9.8 CVSS · 6.7 AI score · 0.0011 EPSS
Exploits 0 · References 2
CNNVD
added 2023/08/14 12:0 a.m. · 2 views

CyberPower PowerPanel Business Edition Operating System Command Injection Vulnerability

Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...

9.1 CVSS · 6.8 AI score · 0.00325 EPSS
Exploits 0 · References 2
CNNVD
added 2023/08/14 12:0 a.m. · 2 views

Cyber Power Systems CyberPower PowerPanel Enterprise Security Vulnerability

Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...

9.8 CVSS · 6.5 AI score · 0.00193 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/13 12:0 a.m. · 2 views

PT-2023-23931 · Cyberpower · Cyberpower Powerpanel Enterprise

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise (affected versions not specified). Description: An authentication bypass exists in CyberPower PowerPanel Enterprise due to the failure to sanitize meta-characters from the username, allowing an attacker to log in...

9.8 CVSS · 9.6 AI score · 0.00193 EPSS
Exploits 0 · References 7
Positive Technologies
added 2023/08/13 12:0 a.m. · 2 views

PT-2023-23939 · Cyberpower · Cyberpower Powerpanel Enterprise

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise (affected versions not specified). Description: A non-feature complete authentication mechanism exists in the production application, allowing an attacker to bypass all authentication checks if LDAP authenticatio...

9.8 CVSS · 9.6 AI score · 0.0011 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/08/12 12:0 a.m. · 3 views

PT-2023-23945 · Cyberpower · Cyberpower Powerpanel Enterprise

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise (affected versions not specified). Description: The issue allows an authenticated user to pass arbitrary OS commands through the username field when adding a remote backup location. This field is passed without...

9.1 CVSS · 8.8 AI score · 0.00325 EPSS
Exploits 0 · References 9
Tenable Nessus
added 2023/07/24 12:0 a.m. · 9 views

CyberPower PowerPanel Business Management Detection

Binary data cyberpowerppbmanagementdetect.nbin...

7.3 AI score
Exploits 0 · References 1