CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-28352
https://notcve.org/view.php?id=CVE-2023-28352
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled. • https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight https://research.nccgroup.com/?research=Technical%20advisories • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18857
https://notcve.org/view.php?id=CVE-2017-18857
The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. La aplicación NETGEAR Insight versiones anteriores a 2.42, para Android e iOS está afectada por una administración inapropiada de contraseñas. • https://kb.netgear.com/000038799/Security-Fix-for-Password-Management-in-NETGEAR-Insight-App-PSV-2017-1978 • CWE-521: Weak Password Requirements •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12591
https://notcve.org/view.php?id=CVE-2019-12591
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. NETGEAR Insight Cloud con firmware Insight anterior a la versión 5.6 permite a los usuarios autenticados remotos lograr la inyección de comandos. • https://kb.netgear.com/000060977/Security-Advisory-for-Post-Authentication-Command-Injection-on-Insight-Cloud-PSV-2018-0366 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6507
https://notcve.org/view.php?id=CVE-2019-6507
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. Se ha descubierto un problema en creditease-sec insight hasta el 11/09/2018. login_user_delete in srcpm/app/admin/views.py permite Cross-Site Request Forgery (CSRF). • https://github.com/creditease-sec/insight/issues/42 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6510
https://notcve.org/view.php?id=CVE-2019-6510
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF. Se ha descubierto un problema en creditease-sec insight hasta el 11/09/2018. user_delete en srcpm/app/admin/views.py permite Cross-Site Request Forgery (CSRF). • https://github.com/creditease-sec/insight/issues/42 • CWE-352: Cross-Site Request Forgery (CSRF) •