600 matches found

Vulnrichment
added 2023/09/06 11:43 a.m. · 10 views

CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

6.8 CVSS · 6.5 AI score · 0.00286 EPSS
Exploits 0 · References 1

0day.today
added 2023/09/04 12:0 a.m. · 277 views

Tinycontrol LAN Controller 3 Remote Credential Extraction Exploit

!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...

7.4 AI score
Exploits 0

ATTACKERKB
added 2023/08/09 7:15 p.m. · 1 views

CVE-2023-39001

A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

9.8 CVSS · 7.7 AI score · 0.02977 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/08/09 12:0 a.m. · 2 views

PT-2023-26727 · Opnsense · Opnsense Community Edition +1

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: A command injection issue in the diag backup.php component allows attackers to execute arbitrary commands via a crafted backup...

9.8 CVSS · 9.8 AI score · 0.02977 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/07/24 12:0 a.m. · 4 views

PT-2023-5025 · Unknown · Conversations

Name of the Vulnerable Software and Affected Versions: Conversations affected versions not specified Description: The issue is related to insufficient input validation in the Conversations instant messaging software. Exploitation of this issue could allow a remote attacker to gain unauthorized...

4.9 CVSS · 7.2 AI score
Exploits 0 · References 2

NCSC
added 2023/07/14 12:0 a.m. · 4 views

Vulnerability fixed in Zimbra collaboration suite

A vulnerability has been fixed in Zimbra Collaboration Suite. The vulnerability allows a malicious party to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or potentially access sensitive data in the...

7.1 AI score
Exploits 0

Vulnrichment
added 2023/06/30 11:40 p.m. · 13 views

CVE-2023-28365

A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

7.5 AI score · 0.00627 EPSS
Exploits 0 · References 1

CVE
added 2023/06/30 11:40 p.m. · 62 views

CVE-2023-28365

Summary (verified): CVE-2023-28365 is a backup file vulnerability in UniFi applications (≤ 7.3.83) on Linux that allows an administrator to execute malicious commands on the host during a restore. The NVD entry lists a high-severity CVSSv3.1 base score (9.1) with network attack vector, high impac...

9.1 CVSS · 9.2 AI score · 0.00627 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/06/30 11:40 p.m. · 17 views

CVE-2023-28365

A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

9.5 AI score · 0.00627 EPSS
Exploits 0 · References 1

NVD
added 2023/06/30 11:15 p.m. · 9 views

CVE-2023-36144

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration...

7.5 CVSS · 7.7 AI score · 0.38471 EPSS
Exploits 2 · References 2

ATTACKERKB
added 2023/06/30 11:15 p.m. · 3 views

CVE-2023-36144

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration...

7.5 CVSS · 5.8 AI score · 0.38471 EPSS
Exploits 2 · References 4

Vulnrichment
added 2023/06/30 12:0 a.m. · 9 views

CVE-2023-36144

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration...

7.3 AI score · 0.38471 EPSS
Exploits 2 · References 2

Positive Technologies
added 2023/06/30 12:0 a.m. · 3 views

PT-2023-21675 · Ubiquiti · Unifi

Name of the Vulnerable Software and Affected Versions: UniFi versions 7.3.83 and earlier Description: A backup file vulnerability found in UniFi applications running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

9.1 CVSS · 7.6 AI score · 0.00627 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/06/30 12:0 a.m. · 5 views

PT-2023-25454 · Intelbras · Intelbras Switch Sg 2404 Mr

Name of the Vulnerable Software and Affected Versions: Intelbras Switch SG 2404 MR version 1.00.54 Description: The issue is related to an authentication bypass that allows an unauthenticated attacker to download the device's backup file, exposing critical configuration information...

7.5 CVSS · 7.7 AI score · 0.38471 EPSS
Exploits 2 · References 3

Packet Storm
added 2023/06/22 12:0 a.m. · 321 views

Zstore 6.5.4 Database Disclosure

Title: Zstore version 6.5.4 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit ...

7.1 AI score
Exploits 0

Prion
added 2023/03/31 10:15 p.m. · 19 views

Design/Logic Flaw

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password...

6.5 CVSS · 8.9 AI score · 0.01301 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/03/31 12:0 a.m. · 16 views

CVE-2022-47192 Admin password reset via file upload vulnerability in Generex CS141

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password...

8.8 CVSS · 9.2 AI score · 0.01301 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/03/31 12:0 a.m. · 3 views

PT-2023-15232 · Generex · Generex Ups Cs141

Name of the Vulnerable Software and Affected Versions: Generex UPS CS141 versions prior to 2.06 Description: The issue allows a remote attacker to upload a backup file containing a modified users.json to the web server of the device, enabling them to replace the administrator password...

8.8 CVSS · 9 AI score · 0.01301 EPSS
Exploits 0 · References 6

Exploit DB
added 2023/03/29 12:0 a.m. · 140 views

DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure

Exploit Title: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure Date: 2022-11-10 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=dU1iNFc4cWRsdUpjWEpETFlSeFlZdz09 Firmware Version: ME1.00 Tested on:...

7.4 AI score
Exploits 0

Vulnrichment
added 2023/03/23 12:0 a.m. · 15 views

CVE-2023-28330 Moodle: authenticated arbitrary file read through malformed backup file

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default...

6.7 AI score · 0.01182 EPSS
Exploits 0 · References 3