WordPress Backup & Migration Security Vulnerabilities

xbtitFM 4.1.18 - Multiple Vulnerabilities

...

Release Information for Veeam Backup for Microsoft Azure 6 Patch 1

Release Information for Veeam Backup for Microsoft Azure 6 Patch...

Release Information for Veeam Backup for AWS 7 Patch 1

Release Information for Veeam Backup for AWS 7 Patch...

Virtuozzo Hybrid Server 7.5 Update 6 Hotfix 1 (7.5.6-112)

The Hotfix 1 for Virtuozzo Hybrid Server 7.5 Update 6 introduces a new feature and provides stability and usability bug fixes. Vulnerability id: PSBM-154494 Virtuozzo Automator Agent could fail to return disk statistics for some stopped containers. Vulnerability id: PSBM-154488 Downloading the...

UPS Network Management Card 4 - Path Traversal Vulnerability

...

BackWPup < 4.0.4 - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's...

Release Information for Veeam Backup for Google Cloud 5 Patch 1

Release Information for Veeam Backup for Google Cloud 5 Patch...

LaborOfficeFree 19.10 - MySQL Root Password Calculator Exploit

...

CVE-2024-2567

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file....

CVE-2024-2567

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file....

CVE-2024-2567 jurecapuder AndroidWeatherApp Backup File androidmanifest.xml backup

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file....

CVE-2024-2294

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only...

CVE-2024-2294

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only...

CVE-2024-2294

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only...

UPS Network Management Card 4 - Path Traversal

...

LaborOfficeFree 19.10 - MySQL Root Password Calculator

...

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security...

Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! In just a few short months since our launch in November of last...

Update Rollup 6 for System Center 2019 Orchestrator

Update Rollup 6 for System Center 2019 Orchestrator Applies to: System Center 2019 Orchestrator System Center 2019 Orchestrator UR1 System Center 2019 Orchestrator UR2 System Center 2019 Orchestrator UR3 Introduction This article describes the issues that have been fixed for Microsoft System...

Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH

Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to launch a machine-in-the-middle attack (CVE-2023-48795) and execute arbitrary commands (CVE-2023-51385), and could allow a local authenticated attacker to obtain sensitive information (CVE-2023-51384). OpenSSH is used by AIX.....

Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SINEMA Remote Connect Client

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

CVE-2024-25228

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in...

CVE-2024-25228

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in...

CVE-2024-25228

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in...

Vinchin Backup And Recovery 7.2 Command Injection

...

Important: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known....

CVE-2024-1383

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-1383

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Cross site scripting

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-1383

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

This Week in Spring - March 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring survey! Join me for a look at the latest-and-greatest, chronicling how I got started with Spring Boot in...

"Established connection failed because connected host has failed to respond :10005"

Task for Managed Veeam Agent for Microsoft Windows Deployment Fails with Error Mentioning Port...

CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

Granular sudo Permissions Required for Management of Linux-base Tape Server

Granular sudo Permissions Required for Management of Linux-base Tape...

WordPress Duplicator Data Exposure / Account Takeover

...

Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference

...

CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

WordPress Plugin Duplicator &lt; 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover

...

Hitachi NAS (HNAS) System Management Unit (SMU) Backup &amp; Restore &lt; 14.8.7825.01 - IDOR

...

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 IDOR Exploit

...

WordPress Duplicator Plugin < 1.5.7.1 - Unauthenticated Sensitive Data Exposure Account Takeover

...

CVE-2024-2364

A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch.....

CVE-2024-2364

A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch.....

CVE-2024-2364 Musicshelf Backup androidmanifest.xml backup

A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch.....