CVE-2023-28350
https://notcve.org/view.php?id=CVE-2023-28350
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated or sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Because the Teacher Console offers rich and highly privileged functionality, silently exploiting this Cross-Site Scripting (XSS) flaw on the Teacher machine enables remote code execution on any connected student machine (and on the teacher's machine).
References: https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
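The root cause named above (data from a peer rendered into a web view without encoding) is illustrated by the added example below. It is not Faronics code and does not reproduce Insight's actual rendering path; the field being rendered (a student display name), the two output contexts (an HTML attribute/text node and an inline script literal) and the sample payloads are all assumptions constructed for the demonstration. The point it makes beyond the advisory text: HTML escaping alone is not enough when the same value is also placed inside a script block, so each output context needs its own encoder, and an intake allowlist is a useful second layer.

```python
import html
import json
import re

# Constructed sample payloads (not taken from the advisory).
MALICIOUS_NAME = '<img src=x onerror="alert(1)">'
SCRIPT_BREAKOUT = '</script><script>alert(1)</script>'


def render_unsafe(student_name: str) -> str:
    """Vulnerable pattern: the peer-supplied value is concatenated straight
    into markup and into an inline script, so any markup it contains runs
    in the console's web view (hypothetical rendering, not Insight's)."""
    return (
        f'<div class="student" title="{student_name}">{student_name}</div>\n'
        f'<script>var name = "{student_name}";</script>'
    )


def render_safe(student_name: str) -> str:
    """Hardened pattern: encode for each output context separately."""
    # HTML text and attribute context: escape & < > " '.
    escaped = html.escape(student_name, quote=True)
    # JavaScript string context: JSON-encode to get a valid JS literal, then
    # also escape angle brackets so a '</script>' inside the value cannot
    # terminate the enclosing script element.
    js_literal = (json.dumps(student_name)
                  .replace('<', '\\u003c')
                  .replace('>', '\\u003e'))
    return (
        f'<div class="student" title="{escaped}">{escaped}</div>\n'
        f'<script>var name = {js_literal};</script>'
    )


_NAME_RE = re.compile(r"[A-Za-z0-9 .'_-]{1,64}")


def is_valid_display_name(student_name: str) -> bool:
    """Intake allowlist (defense in depth, not a substitute for encoding):
    accept only a short, printable name with no markup characters."""
    return _NAME_RE.fullmatch(student_name) is not None


def payload_survives(rendered: str, payload: str) -> bool:
    """Crude check used by the tests: did the payload reach the output verbatim?"""
    return payload in rendered


if __name__ == "__main__":
    print(render_unsafe(MALICIOUS_NAME))
    print(render_safe(MALICIOUS_NAME))
```

Note that `render_safe` still emits exactly one `</script>` even for `SCRIPT_BREAKOUT`, while the unsafe renderer emits several; that count is the quickest way to spot a script-context breakout in a rendered page.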
CVE-2023-28352
https://notcve.org/view.php?id=CVE-2023-28352
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.
References: https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight
CWE-863: Incorrect Authorization
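The authorization failure above is the general problem of a discovery protocol that trusts whoever answers a broadcast. The added example below shows a challenge-response step that a teacher-side listener can add so that a forged "student" cannot complete discovery without an enrollment secret. This is illustration code, not Faronics code: the advisory does not describe Insight's discovery messages or what Enhanced Security Mode checks, so the message shapes (`STUDENT_HELLO`, `CHALLENGE`, `RESPONSE`), the per-classroom pre-shared secret and the in-memory delivery (no real UDP sockets) are all assumptions. Both sides of the exchange are modelled, plus the legacy "accept anyone" behaviour for contrast.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed per-classroom enrollment secret (assumption: every legitimately
# enrolled Student Console shares it with the Teacher Console).
ENROLLMENT_SECRET = b"constructed-demo-enrollment-secret"


def _mac(secret: bytes, student_id: str, nonce: str) -> str:
    # Bind the student identity to the fresh nonce so a captured response
    # cannot be replayed or re-used under another identity.
    return hmac.new(secret, f"{student_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


@dataclass
class TeacherConsole:
    secret: bytes
    pending: dict = field(default_factory=dict)     # nonce -> claimed student id
    connected: list = field(default_factory=list)   # ids admitted to the session

    def on_broadcast_legacy(self, msg: dict) -> bool:
        """Weak behaviour: any host that says hello is admitted."""
        if msg.get("type") == "STUDENT_HELLO":
            self.connected.append(msg["id"])
            return True
        return False

    def on_broadcast(self, msg: dict):
        """Hardened behaviour: answer a hello with a one-time challenge."""
        if msg.get("type") != "STUDENT_HELLO":
            return None
        nonce = secrets.token_hex(16)
        self.pending[nonce] = msg["id"]
        return {"type": "CHALLENGE", "nonce": nonce}

    def on_response(self, msg: dict) -> bool:
        """Admit the peer only if it proves knowledge of the secret for this nonce."""
        nonce = msg.get("nonce")
        student_id = self.pending.pop(nonce, None)   # one use per nonce
        if student_id is None or msg.get("id") != student_id:
            return False
        expected = _mac(self.secret, student_id, nonce)
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return False
        self.connected.append(student_id)
        return True


class StudentConsole:
    def __init__(self, student_id: str, secret: bytes):
        self.student_id = student_id
        self.secret = secret   # a rogue console holds the wrong secret

    def hello(self) -> dict:
        return {"type": "STUDENT_HELLO", "id": self.student_id}

    def answer(self, challenge: dict) -> dict:
        return {"type": "RESPONSE", "id": self.student_id,
                "nonce": challenge["nonce"],
                "mac": _mac(self.secret, self.student_id, challenge["nonce"])}


def run_discovery(teacher: TeacherConsole, student: StudentConsole) -> bool:
    """Drive the full exchange in memory; returns whether the student was admitted."""
    challenge = teacher.on_broadcast(student.hello())
    return teacher.on_response(student.answer(challenge))


if __name__ == "__main__":
    t = TeacherConsole(ENROLLMENT_SECRET)
    print("legit:", run_discovery(t, StudentConsole("lab-01", ENROLLMENT_SECRET)))
    print("rogue:", run_discovery(t, StudentConsole("lab-01", b"wrong")))
```

A shared classroom secret only raises the bar from "anyone on the subnet" to "anyone holding the secret"; a compromised student machine can still impersonate another student. Per-device credentials or mutually authenticated TLS after discovery are the stronger end state, but the example shows the minimum that stops an unenrolled host.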
CVE-2014-2382
https://notcve.org/view.php?id=CVE-2014-2382
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.
References: http://packetstormsecurity.com/files/129172/Faronics-Deep-Freeze-Arbitrary-Code-Execution.html, http://seclists.org/fulldisclosure/2014/Nov/52, https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2382
CWE-399: Resource Management Errors
CVE-2004-2648
https://notcve.org/view.php?id=CVE-2004-2648
FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.
References: http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0458.html, http://securitytracker.com/id?1012699, http://www.osvdb.org/12659, https://exchange.xforce.ibmcloud.com/vulnerabilities/18643