WordPress Backup & Migration Security Vulnerabilities

CVE-2024-22901

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL...

CVE-2024-22900

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...

CVE-2024-22901

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL...

CVE-2024-22902

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...

CVE-2024-22900

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...

CVE-2024-22903

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...

CVE-2024-22899

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...

CVE-2024-22903

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...

CVE-2024-22902

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...

CVE-2024-22899

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...

Remote code execution

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...

Remote code execution

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...

Remote code execution

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...

Default credentials

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...

Default credentials

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL...

CVE-2024-22901

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL...

CVE-2024-22902

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...

CVE-2024-22899

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...

CVE-2024-22903

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Description The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Description The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...

CVE-2024-22900

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote....

Medium: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages....

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote....

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 52 vulnerabilities disclosed in 42...

How to Prepare for a Cyberattack

Deciphering the Cyber Invasion Terrain We exist in an era deeply entrenched in digital dependence, where cyber invasions present significant risks for companies, government establishments, and solitary users. As we hurdle deeper into the digital era, the art of cyber misdemeanors continues to...

CVE-2024-23507

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...

CVE-2024-23507

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...

CVE-2024-23507 WordPress InstaWP Connect Plugin <= 0.1.0.9 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration.This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through...

ICS and OT threat predictions for 2024

We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscape....

Omron CS/CJ Series Missing Authentication For Critical Function (CVE-2022-45794)

Omron CS/CJ series programmable logic controllers are missing authentication for the file system. This could allow an attacker to access the file system (via memory card or EM file memory) and obtain all available sensitive information. This plugin only works with Tenable.ot. Please visit...

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility

Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an...

How to Merge Veeam Backup for Microsoft 365 Licenses

This article documents the process for merging and unmerging licenses for Veeam Backup for Microsoft 365 using the Veeam MyAccount...

Juniper Junos OS Vulnerability (JSA75735)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75735 advisory. A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network...

CVE-2023-7204

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...

CVE-2023-7204

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...

Design/Logic Flaw

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...

CVE-2023-7204 WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...

Juniper Junos OS Vulnerability (JSA75723)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75723 advisory. An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated...

CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow...

Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection Vulnerability

...

Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection Vulnerability

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime...

Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection Vulnerability

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo...

Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability

Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security...

Debian: Security Advisory (DLA-3722-1)

The remote host is missing an update for the...

Exploit for Path Traversal in Ispyconnect Agent Dvr

AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution...

[SECURITY] [DLA 3722-1] mariadb-10.3 security update

Debian LTS Advisory DLA-3722-1 [email protected] https://www.debian.org/lts/security/ Bastien ROUCARIÃ?S January 27, 2024 https://wiki.debian.org/LTS Package : mariadb-10.3 Version : 1:10.3.39-0+deb10u2 CVE...