WordPress Backup & Migration Security Vulnerabilities

Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure

Description The plugin does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such...

Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-23: Relative Path Traversal CVE ID: CVE-2024-2053 Vulnerability Description The Artica Proxy administrative web application attempts...

openSUSE: Security Advisory for qemu (SUSE-SU-2023:4056-1)

The remote host is missing an update for...

openSUSE: Security Advisory for opera (openSUSE-SU-2023:0338-1)

The remote host is missing an update for...

openSUSE: Security Advisory for SUSE Manager Server 4.2 (SUSE-SU-2023:2594-1)

The remote host is missing an update for...

openSUSE: Security Advisory for tar (SUSE-SU-2023:0463-1)

The remote host is missing an update for...

Multilaser RE160V / RE160 URL Manipulation Access Bypass

...

openSUSE: Security Advisory for opera (openSUSE-SU-2023:0337-1)

The remote host is missing an update for...

openSUSE: Security Advisory for syncthing (openSUSE-SU-2023:0126-1)

The remote host is missing an update for...

Multilaser RE160 Cookie Manipulation Access Bypass

...

openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)

The remote host is missing an update for...

Multilaser RE160V Header Manipulation Access Bypass

...

openSUSE: Security Advisory for opera (openSUSE-SU-2023:0251-1)

The remote host is missing an update for...

Tinyfilemanager-Wh1Z-Edition - Effortlessly Browse And Manage Your Files With Ease Using Tiny File Manager [WH1Z-Edition], A Compact Single-File PHP File Manager

Introducing Tiny File Manager [WH1Z-Edition], the compact and efficient solution for managing your files and folders with enhanced privacy and security features. Gone are the days of relying on external resources – I've stripped down the code to its core, making it truly lightweight and perfect...

4 Instructive Postmortems on Data Downtime and Loss

More than a decade ago, the concept of the 'blameless' postmortem changed how tech companies recognize failures at scale. John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: "One.....

How to Collect Logs for Veeam Plug-in for IBM Db2

How to Collect Logs for Veeam Plug-in for IBM...

Backups to DDBoost Repository Fail After Upgrading to VBR 12.1.1

This issue occurs because the Veeam Installer Service was unable to replace the existing VeeamDeploymentDll.dll with the newer one during the...

conmon security update

conmon [2.1.3-8] - address CVE-2023-39326 [2.1.3-7] - Resolve CVE-2023-39325 [2.1.3-6] - Add ol8_baseos_latest, and ol9_baseos_latest, to Jenkinsfile [2.1.3-5] - Add systemd-devel as build requirement [2.1.3-4] - Add support ARM build [2.1.3.3] - Add OL9 support [2.1.3.2] - Update inline with...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 19, 2024 to February 25, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 83 vulnerabilities disclosed in 57 WordPress.....

CVE-2023-52490 mm: migrate: fix getting incorrect page mapping during page migration

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVE-2023-52490 mm: migrate: fix getting incorrect page mapping during page migration

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right away: evmcs gpa is not...

Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr

Apache-Solr-RCE_CVE-2023-50386_POC Apache Solr Backup/Restore...

CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a....

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a....

CVE-2024-1981

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-1981

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Sql injection

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Sql injection

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a....

CVE-2024-1981

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a....

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a....

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

Design/Logic Flaw

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

CVE-2024-25811

An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive...

WPvivid Backup and Migration < 0.9.69 - Unauthenticated SQLi & DoS

Description The plugin is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions, allowing unauthenticated attackers to exploit a SQL injection vulnerability or trigger a...

USN-6600-1: MariaDB vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu...

(RHSA-2024:1027) Moderate: Migration Toolkit for Applications security update

Migration Toolkit for Applications Security Fix(es): golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) apache-ivy: XML...

CVE-2023-51681

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through...

CVE-2023-51681

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through...

CVE-2023-51681 WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through...

AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795) arbitrary command execution (CVE-2023-51385) and information disclosure (CVE-2023-51384) due to OpenSSH

IBM SECURITY ADVISORY First Issued: Wed Feb 28 12:58:51 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssh_advisory16.asc Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795),...

CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...

CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...

CVE-2021-47007

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...

CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right away: evmcs gpa is not...

CVE-2021-46978

In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated with vmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs page right away: evmcs gpa is not...