Veeam Backup & Replication Security Vulnerabilities

malwarebytes
malwarebytes

How to back up your iPhone to a Windows computer

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. We've published posts on how to back up your iPhone to iCloud, and how to backup an...

7.1AI Score

2024-03-29 01:38 PM
10
malwarebytes
malwarebytes

How to back up your iPhone to a Mac

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. One of the most cost effective ways to backup your iPhone is to save backups to your...

7.1AI Score

2024-03-29 01:37 PM
8
malwarebytes
malwarebytes

How to back up your iPhone to iCloud

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. The most convenient way to backup your iPhone is to have it backup to iCloud. Backups.....

7.3AI Score

2024-03-29 01:35 PM
9
virtuozzo
virtuozzo

Virtuozzo Hybrid Infrastructure 6.1 (6.1.0-238)

In this release, Virtuozzo Hybrid Infrastructure introduces a new service---Backup and Restore as a Service---as well as provides a range of new features that cover improvements in the compute services and object storage. Additionally, this release delivers stability and security improvements, and....

7.3AI Score

2024-03-28 12:00 AM
3
ibm
ibm

Security Bulletin: Vulnerability of okio-1.13.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE

Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE are vulnerable to okio-1.13.0.jar CVE-2023-3635. The workaround includes okio-1.13.0.jar upgraded to okio-3.5.0.jar . Vulnerability Details **...

7.5CVSS

7.4AI Score

0.001EPSS

2024-03-27 01:26 PM
27
zdt
zdt

Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to....

9.8CVSS

8.1AI Score

0.89EPSS

2024-03-27 12:00 AM
93
wpexploit
wpexploit

WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.7AI Score

0.0004EPSS

2024-03-27 12:00 AM
25
wpvulndb
wpvulndb

WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Go to "WP Staging > Backup ...

4.9AI Score

0.0004EPSS

2024-03-27 12:00 AM
9
packetstorm

9.8CVSS

7.4AI Score

0.89EPSS

2024-03-27 12:00 AM
77
nvd
nvd

CVE-2023-7232

The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such...

6.1AI Score

0.0004EPSS

2024-03-26 05:15 AM
cve
cve

CVE-2023-7232

The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such...

6.3AI Score

0.0004EPSS

2024-03-26 05:15 AM
45
cvelist
cvelist

CVE-2023-7232 Backup and Restore WordPress <= 1.45 - Unauthenticated Sensitive Data Exposure

The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such...

6.3AI Score

0.0004EPSS

2024-03-26 05:00 AM
cnvd
cnvd

IBM Storage Protect Plus Server Access Control Error Vulnerability

IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An access control error vulnerability exists in....

4.3CVSS

6.5AI Score

0.0004EPSS

2024-03-26 12:00 AM
5
veeam
veeam

Unable to complete the action because this backup agent is centrally managed by your system administrator.

When an existing standalone deployment of Veeam Agent for Windows is added to a protection group it is switched to managed mode, but the autorun entry remains in the...

7AI Score

2024-03-26 12:00 AM
90
cnvd
cnvd

IBM Storage Protect Plus Server Information Disclosure Vulnerability (CNVD-2024-16923)

IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An information disclosure vulnerability exists.....

6.2CVSS

6.2AI Score

0.0004EPSS

2024-03-26 12:00 AM
5
nvd
nvd

CVE-2021-47164

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev....

5.5CVSS

5.3AI Score

0.0004EPSS

2024-03-25 10:15 AM
cve
cve

CVE-2021-47164

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev....

5.5CVSS

6.6AI Score

0.0004EPSS

2024-03-25 10:15 AM
33
debiancve
debiancve

CVE-2021-47164

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev....

5.5CVSS

6.9AI Score

0.0004EPSS

2024-03-25 10:15 AM
1
vulnrichment
vulnrichment

CVE-2021-47164 net/mlx5e: Fix null deref accessing lag dev

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev....

6.8AI Score

0.0004EPSS

2024-03-25 09:16 AM
cvelist
cvelist

CVE-2021-47164 net/mlx5e: Fix null deref accessing lag dev

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev....

5.6AI Score

0.0004EPSS

2024-03-25 09:16 AM
ubuntucve
ubuntucve

CVE-2021-47164

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev....

5.5CVSS

6.6AI Score

0.0004EPSS

2024-03-25 12:00 AM
3
wpvulndb
wpvulndb

Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) PoC 1. Go to the plugin setting and in the "Restore" section...

9.3AI Score

0.0004EPSS

2024-03-25 12:00 AM
6
wpexploit
wpexploit

Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...

9.4AI Score

0.0004EPSS

2024-03-25 12:00 AM
29
osv
osv

Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerability can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....

8.8CVSS

9.4AI Score

0.0004EPSS

2024-03-22 04:29 PM
14
github
github

Grav File Upload Path Traversal

Summary Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerability can allow attackers to inject arbitrary code on the server, undermine integrity of backup files.....

8.8CVSS

9.4AI Score

0.0004EPSS

2024-03-22 04:29 PM
9
nuclei
nuclei

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF

WordPress Automatic plugin <3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This...

9.9CVSS

6.7AI Score

0.001EPSS

2024-03-22 03:33 PM
143
thn
thn

Implementing Zero Trust Controls for Compliance

The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network...

7.1AI Score

2024-03-22 11:28 AM
22
packetstorm

7.4AI Score

2024-03-22 12:00 AM
129
osv
osv

CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....

8.8CVSS

7.3AI Score

0.0004EPSS

2024-03-21 10:15 PM
8
nvd
nvd

CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....

8.8CVSS

8.9AI Score

0.0004EPSS

2024-03-21 10:15 PM
cve
cve

CVE-2024-27921

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....

8.8CVSS

8.9AI Score

0.0004EPSS

2024-03-21 10:15 PM
30
cvelist
cvelist

CVE-2024-27921 Grav File Upload Path Traversal vulnerability

Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses....

8.8CVSS

9.1AI Score

0.0004EPSS

2024-03-21 09:38 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...

10CVSS

10AI Score

0.001EPSS

2024-03-21 03:55 PM
40
ibm
ibm

Security Bulletin: Multiple vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager.

Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition . CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details ** CVEID:...

7.5CVSS

6.8AI Score

0.001EPSS

2024-03-21 01:10 PM
14
thn
thn

Making Sense of Operational Technology Attacks: The Past, Present, and Future

When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would...

7.2AI Score

2024-03-21 09:23 AM
15
nvd
nvd

CVE-2024-25811

An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive...

6.4AI Score

0.0004EPSS

2024-03-21 02:52 AM
cve
cve

CVE-2024-25811

An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive...

6.7AI Score

0.0004EPSS

2024-03-21 02:52 AM
5
ibm
ibm

Security Bulletin: Apache Derby affects IBM Spectrum Control [CVE-2022-46337]

Summary Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDAP injection vulnerability in the authenticator. This vulnerability affects IBM Spectrum Control. This bulletin identifies the steps to take to mitigate the vulnerability. Vulnerability Details **...

9.8CVSS

6.6AI Score

0.002EPSS

2024-03-20 05:35 AM
11
qualysblog
qualysblog

Navigating Evolving Cybersecurity: Recent Trends and Future Outlook

“Those who fail to learn from history are doomed to repeat it.” - Winston Churchill While Churchill may not have been the first person to use a variation of this quote, the essence of its meaning rang true then and still does today. In this spirit, and so that we may collectively learn and evolve.....

7.5AI Score

2024-03-19 05:26 PM
12
cve
cve

CVE-2023-7236

The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive...

9.1AI Score

0.0004EPSS

2024-03-18 07:15 PM
36
nvd
nvd

CVE-2023-7236

The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive...

6.1AI Score

0.0004EPSS

2024-03-18 07:15 PM
cvelist
cvelist

CVE-2023-7236 Backup Bolt <= 1.3.0 - Sensitive Data Exposure

The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive...

6.3AI Score

0.0004EPSS

2024-03-18 07:05 PM
github
github

Gaining kernel code execution on an MTE-enabled Pixel 8

In this post, I'll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported to Arm on November 15, 2023 and was fixed in the Arm Mali driver version r47p0, which was released publicly on December 14, 2023. It was fixed in Android in the March security update. When exploited, this....

7.9AI Score

0.0004EPSS

2024-03-18 03:00 PM
17
wpvulndb
wpvulndb

BackWPup < 4.0.4 - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database. PoC 1) Ensure that Apache is configured with the ability to list directory content. 2) When this is done, you can see...

6.2AI Score

0.0004EPSS

2024-03-18 12:00 AM
7
packetstorm

7.4AI Score

2024-03-18 12:00 AM
96
wpvulndb
wpvulndb

Backuply – Backup, Restore, Migrate and Clone < 1.2.8 - Admin+ Directory Traversal

Description The Backuply – Backup, Restore, Migrate and Clone plugin is vulnerable to Directory Traversal via the backup_name parameter in the backuply_download_backup...

4.9CVSS

6.8AI Score

0.0004EPSS

2024-03-18 12:00 AM
9
exploitdb

7.4AI Score

2024-03-18 12:00 AM
82
veeam
veeam

Release Information for Veeam Backup for Microsoft Azure 6 Patch 1

Release Information for Veeam Backup for Microsoft Azure 6 Patch...

7.1AI Score

2024-03-18 12:00 AM
5
veeam
veeam

Release Information for Veeam Backup for AWS 7 Patch 1

Release Information for Veeam Backup for AWS 7 Patch...

7.1AI Score

2024-03-18 12:00 AM
4
virtuozzo
virtuozzo

Virtuozzo Hybrid Server 7.5 Update 6 Hotfix 1 (7.5.6-112)

The Hotfix 1 for Virtuozzo Hybrid Server 7.5 Update 6 introduces a new feature and provides stability and usability bug fixes. Vulnerability id: PSBM-154494 Virtuozzo Automator Agent could fail to return disk statistics for some stopped containers. Vulnerability id: PSBM-154488 Downloading the...

7.3AI Score

2024-03-18 12:00 AM
16
Total number of security vulnerabilities: 19608