10 matches found
CVE-2023-28353
CVE-2023-28353 affects Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker can upload arbitrary files to any location on the Teacher Console computer, enabling multiple exploitation paths including achievable code execution and the potential to chain with other flaws to run a DLL ...
CVE-2023-28348
The CVE-2023-28348 entry affects Faronics Insight version 10.0.19045. The root cause is unencrypted storage in the Teacher Console and Student Console components, enabling a nearby attacker to perform a man-in-the-middle attack by sending specially crafted HTTP requests to port 8890, intercepting...
CVE-2023-28350
The CVE-2023-28350 issue affects Faronics Insight version 10.0.19045 on Windows, where attacker-supplied input is rendered in both the Teacher and Student Console applications without proper validation/sanitization. This enables cross-site scripting (XSS) in the consoles, and due to the Teacher C...
CVE-2023-28349
CVE-2023-28349 affects Faronics Insight on Windows (v10.0.19045). A crafted program that mimics the Teacher Console can cause Student Consoles to connect and, with NT AUTHORITY/SYSTEM permissions, write arbitrary files to arbitrary locations, enabling remote code execution. The vulnerability aris...
CVE-2023-28344
The CVE-2023-28344 issue affects Faronics Insight 10.0.19045 on Windows. The root cause is insufficient access control when handling the agent id parameter in the Insight Teacher Console, allowing unauthenticated attackers to view constantly updated screenshots of student desktops and to submit f...
CVE-2023-28345
CVE-2023-28345 affects Faronics Insight 10.0.19045 on Windows, where the Insight Teacher Console exposes the teacher’s password in cleartext via a localhost API endpoint. An attacker with physical access can open a browser, access the endpoint, and obtain the password, enabling login to the Teach...
CVE-2023-28347
The CVE-2023-28347 issue affects Faronics Insight 10.0.19045 on Windows. A cross-site scripting flaw in the Teacher Console can be exploited by a PoC that mimics the Student Console, enabling unauthenticated attackers to achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Studen...
CVE-2023-28351
Summary: CVE-2023-28351 affects Faronics Insight 10.0.19045 (Windows) where every keystroke by any user on a system with the Student application is logged to a world‑readable directory. A local attacker can trivially access these cleartext keystrokes, enabling potential collection of PII and comp...
CVE-2023-28346
CVE-2023-28346 (Faronics Insight 10.0.19045, Windows) : A vulnerability allows remote attackers with valid credentials to communicate with private API endpoints exposed by the web server (examples: /login, /consoleSettings, /console) despite Virtual Host Routing intended to block access. The flaw...
CVE-2023-28352
CVE-2023-28352 affects Faronics Insight 10.0.19045 on Windows. The issue stems from abusing the Insight UDP broadcast discovery system, enabling an attacker‑controlled artificial Student Console to connect to and attack a Teacher Console even after Enhanced Security Mode is enabled. CVSS v3.1 bas...