80 matches found

Vulnrichment
added 2024/11/04 12:00 a.m. · 10 views

CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function...

AI score 8 · EPSS 0.00149
Exploits 0 · References 1
CVE
added 2024/11/04 12:00 a.m. · 45 views

CVE-2024-51251

Summary: CVE-2024-51251 affects DrayTek Vigor3900 firmware 1.5.1.3. The vulnerability allows an attacker to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. Affected product: DrayTek Vigor3900 (firmware 1.5.1.3). Root cause / vector: W...

CVSS 8 · AI score 8 · EPSS 0.00149
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/11/04 12:00 a.m. · 11 views

CVE-2024-51251

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function...

EPSS 0.00149
Exploits 0 · References 1
Veracode
added 2024/07/12 6:46 a.m. · 11 views

Arbitrary File Overwrite

aim is vulnerable to Arbitrary File Overwrite. The vulnerability is due to improper handling of the runhash and repo.path parameters in the backuprun-function, allowing any file on the host server to be overwritten and arbitrary data to be exfiltrated...

CVSS 9.8 · AI score 6.9 · EPSS 0.88697
Exploits 1 · References 4 · Affected Software 1
0day.today
added 2024/04/24 12:00 a.m. · 441 views

Apache Solr Backup/Restore API Remote Code Execution Exploit

Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as t...

CVSS 8.8 · AI score 8.7 · EPSS 0.86843
Exploits 4
wpexploit
added 2024/02/02 12:00 a.m. · 287 views

JetBackup < 2.0.9.9 - Directory Listing Exposing Backups

Description: The plugin doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. A partial fix was released in 2.0.9.6, removing the ability to list the directory but still allowing direct...

AI score 9.2 · EPSS 0.31581
Exploits 2 · References 1
WPVulnDB
added 2024/01/15 12:00 a.m. · 22 views

FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure

Description: The plugin does not prevent directory listing in sensitive directories containing export files. PoC: 1. Run backup function http://yoursite/wordpress/wp-admin/admin.php?page=njt-fastdup/ 2. During backup creation, you can intercept the following paths:...

CVSS 5.3 · AI score 5.6 · EPSS 0.04397
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2023/12/14 12:00 a.m. · 1 view

Dreamer CMS Cross-Site Request Forgery Vulnerability

Dreamer CMS is a dreamer content management system. A cross-site request forgery vulnerability exists in Dreamer CMS v4.1.3, which stems from the component /admin/database/backup not adequately verifying whether a request comes from a trusted user, and can be exploited by an attacker to forge a...

CVSS 8.8 · AI score 6.8 · EPSS 0.00173
Exploits 1 · References 2
Prion
added 2022/10/31 8:15 p.m. · 11 views

Remote code execution

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...

CVSS 7.5 · AI score 9.6 · EPSS 0.00952
Exploits 0 · References 1 · Affected Software 1
NVD
added 2022/08/29 11:15 p.m. · 5 views

CVE-2022-36557

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file...

CVSS 9.8 · EPSS 0.01444
Exploits 0 · References 2
Positive Technologies
added 2022/08/29 12:00 a.m. · 2 views

PT-2022-23466 · Seiko · Seiko Skybridge Mb-A100/A110

Name of the Vulnerable Software and Affected Versions: Seiko SkyBridge MB-A100/A110 versions 4.2.0 and below Description: The issue allows attackers to execute arbitrary code via a crafted html file, exploiting an arbitrary file upload vulnerability through the restore backup function...

CVSS 9.8 · AI score 9.6 · EPSS 0.01444
Exploits 0 · References 5
OSV
added 2022/05/24 5:37 p.m. · 9 views

GHSA-7X8G-H246-GVX3 Dolibarr authenticated Remote Code Execution

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

CVSS 7.2 · AI score 6.9 · EPSS 0.06993
Exploits 1 · References 6
Github Security Blog
added 2022/05/24 5:37 p.m. · 15 views

Dolibarr authenticated Remote Code Execution

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

CVSS 9 · AI score 7.4 · EPSS 0.06993
Exploits 1 · References 6 · Affected Software 1
OSV
added 2020/12/23 3:15 p.m. · 5 views

CVE-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

CVSS 7.2 · AI score 7.1
Exploits 0 · References 4
Prion
added 2020/12/23 3:15 p.m. · 10 views

Remote code execution

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

CVSS 9 · AI score 7 · EPSS 0.06993
Exploits 1 · References 4 · Affected Software 1
UbuntuCve
added 2020/12/23 3:15 p.m. · 17 views

CVE-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

CVSS 9 · AI score 7.1 · EPSS 0.06993
Exploits 1 · References 5
Cvelist
added 2020/12/23 2:39 p.m. · 5 views

CVE-2020-35136

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter to admin/tools/dolibarrexport.php...

AI score 7 · EPSS 0.06993
Exploits 1 · References 4
NVD
added 2020/09/30 6:15 p.m. · 9 views

CVE-2020-21527

There is an arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal...

CVSS 8.5 · EPSS 0.00509
Exploits 0 · References 1
OSV
added 2020/09/30 6:15 p.m. · 0 views

CVE-2020-21527

There is an arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal...

CVSS 7.7 · AI score 7.1 · EPSS 0.00509
Exploits 0 · References 1
CNVD
added 2020/05/14 12:00 a.m. · 1 view

Teclib GLPI Injection Vulnerability

Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. Teclib GLPI has an injection vulnerability. An attacker could exploit this...

CVSS 9 · AI score 7.7 · EPSS 0.07013
Exploits 7 · References 1