600 matches found
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash, which, once cracked, allows logging in to the Configuration Panel; otherwise, replacing the hash in the archive and restoring it on the device which...
CVE-2022-40486
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 574505553 was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file...
CVE-2022-30075
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation...
CVE-2020-11918
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file...
CVE-2025-43596
An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 released on 2025-05-15...
CVE-2020-11449
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf...
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2019-19889
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf...
CVE-2017-18391
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval SEC-323...
CVE-2013-3687
AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file...
D-Link DI-7003GV2 /H5/backup.asp File Denial of Service Vulnerability
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from a denial of service vulnerability that originates from improper access control in the function sub4983B0 in file /H5/backup.asp, which can be exploited by an attacker to cause a denial of service...
Citrix NetScaler Automated backup job is failing after recent upgrade.
After upgrading to NetScaler firmware 13.1.56.x or later, attempts to download backup files using the Nitro API may fail. Customers using automation tools such as Ansible, Postman, or custom scripts may receive the following error when downloading files through the systemfile endpoint: Main...
WordPress plugin Database Toolset Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
CVE-2025-20178
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity...
CVE-2025-3729
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os...
CVE-2025-20178
CVE-2025-20178 affects Cisco Secure Network Analytics (web-based management interface). An authenticated attacker with valid administrative credentials can restore a malicious backup file to the device, exploiting insufficient integrity checks in device backups to obtain shell access as root on t...
Cisco Secure Network Analytics Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity...
SourceCodester Web-based Pharmacy Product Management System Command Injection Vulnerability
SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source Web-based pharmacy product management system. A command injection vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System, which is caused by incorrect...
CVE-2024-54525
A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected system files...
WordPress File Manager Plugin < 6.5 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...