CyberSecurityBoard
Sponsor Register Login

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.

Publication date: Thu, 27 Apr 2023 02:15:00 +0000


Cyber News related to CVE-2023-2291

CVE-2023-52884 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
9 months ago Tenable.com
CVE-2024-2291 - ...
1 year ago
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com
CVE-2023-2291 - Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that ...
1 year ago
Hackers Use Fake Job Ads to Steal Cryptocurrency from the Industry - Once the Enigma loader is executed, it begins the process of registering and downloading the second-stage payload. This malware is constantly being developed, so the attacker can use the logging server to improve its performance. The downloader, ...
2 years ago Trendmicro.com CVE-2015-2291
CVE-2016-2291 - Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. ...
3 years ago
CVE-1999-1039 - Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise. ...
16 years ago
CVE-2009-2291 - Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified ...
15 years ago
CVE-2011-2291 - Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions. ...
13 years ago
CVE-2012-2291 - EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack. ...
12 years ago
CVE-2005-2291 - Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. ...
8 years ago
CVE-2015-2851 - client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. ...
8 years ago
CVE-2006-2291 - Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained ...
7 years ago
CVE-2002-2291 - Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow. ...
7 years ago
CVE-2010-2291 - Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third ...
7 years ago
CVE-2015-2291 - (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) ...
7 years ago
CVE-2014-2291 - Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows ...
7 years ago
CVE-2008-2291 - axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 generates credentials with a fixed salt or without any salt, which makes it easier for remote attackers to guess encrypted domain credentials. ...
5 years ago
CVE-2004-2291 - Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. ...
3 years ago
CVE-2007-2291 - CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. ...
3 years ago
CVE-2022-2291 - A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the ...
2 years ago
CVE-2021-2291 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows low privileged attacker with logon to the ...
2 years ago
CVE-2020-2291 - Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)