CVE-2023-3266 : CYBERPOWER POWERPANEL ENTERPRISE 2.6.0 LDAP AUTHENTICATION SECURITY CHECK

Description

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.

References

https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-21513 : LANGCHAIN-EXPERIMENTAL UP TO 0.0.20 DATABASE EVAL CODE INJECTION

CVE-2024-21513 : LANGCHAIN-EXPERIMENTAL UP TO 0.0.20 DATABASE EVAL CODE INJECTION

Description Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values

CVE-2024-6737 : 2100 TECHNOLOGY ELECTRONIC OFFICIAL DOCUMENT MANAGEMENT SYSTEM UP TO 5.0.76 SETTING ACCESS CONTROL

CVE-2024-6737 : 2100 TECHNOLOGY ELECTRONIC OFFICIAL DOCUMENT MANAGEMENT SYSTEM UP TO 5.0.76 SETTING ACCESS CONTROL

Description The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote

CVE-2024-6345 : PYPA SETUPTOOLS UP TO 69.1.1 PACKAGE_INDEX CODE INJECTION

CVE-2024-6345 : PYPA SETUPTOOLS UP TO 69.1.1 PACKAGE_INDEX CODE INJECTION

Description A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its