TP-LINK AX10 Code Injection Vulnerability
TP-LINK AX10 is a router from TP-LINK, China. TP-LINK AX10 version 1.3.1 is vulnerable to a code injection vulnerability, which stems from the ability to execute arbitrary code via a specially crafted backup file. An attacker could use this vulnerability to generate illegal code segments that...
PT-2022-25402 · Tp Link · Tp Link Archer Ax10
Name of the Vulnerable Software and Affected Versions: TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 574505553 Description: The issue allows authenticated attackers to execute arbitrary code via a crafted backup file. Recommendations: For TP Link Archer AX10 V1 Firmware Versio...
WordPress Duplicator 1.4.6 Plugin - Unauthenticated Backup Download Vulnerability
Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2551 Reference:...
SUSE-SU-2022:1932-1 Security update for patch
This update for patch fixes the following issues: Security fixes: - CVE-2019-13636: Fixed mishandled following of symlinks in certain cases other than input files bsc1142041. - CVE-2018-6952: Fixed double free of memory in pch.c:anotherhunk bsc1080985. Bugfixes: - Pass the correct stat to backup...
CVE-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE:...
Design/Logic Flaw
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE:...
CVE-2022-26944
Percona XtraBackup 2.4.20 is affected by CVE-2022-26944 and CVE-2020-10997 due to an information exposure: the command line and runtime arguments are written to backup outputs and, when --history is used, to the PERCONA_SCHEMA.xtrabackup_history table. The issue stems from an incomplete fix for C...
SUSE-SU-2022:1925-1 Security update for patch
This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches bsc1142041. - CVE-2018-6952: Fixed swapping fakelines in pchswap. This bug was causing a double...
CVE-2022-28451
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature...
Cross-site request forgery (CSRF)
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file...
Moodle Input Validation Error Vulnerability (CNVD-2021-92540)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle, which stems from a problem when the software restores backup files. An attacker could...
Moodle Input Validation Error Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle, which stems from a problem when the software restores backup files. An attacker could...
Design/Logic Flaw
A backup file without encryption vulnerability found in Hitachi ABB Power Grids System Data Manager – SDM600 allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 Build Nr. 1.2.14002.257...
Versa Networks Versa Director Security Vulnerability
Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from an unencrypted backup file containing...
CVE-2020-23765
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...
CVE-2021-31737
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php...