24 matches found
EUVD-2015-4142
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-25747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the...
CVE-2025-55295 qBit Manage Path Traversal Vulnerability
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability...
Xorcom CompletePBX Authenticated File Disclosure via Backup Download
This module exploits an authenticated file disclosure vulnerability in CompletePBX use auxiliary/scanner/http/xorcomcompletepbxfiledisclosure msf auxiliaryxorcomcompletepbxfiledisclosure show actions ...actions... msf auxiliaryxorcomcompletepbxfiledisclosure set ACTION msf...
CVE-2019-10662
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...
CVE-2019-6691
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup=backup=doback tabledb parameter, related to the "--backup database" option...
CVE-2025-25747
Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristinabackup parameter in the creabackup.php endpoint...
PT-2024-30063 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery CSRF issue was found in Pligg CMS. The vulnerability can be exploited via the /admin/admin backup.php endpoint with the dobackup parameter set to files. This allows an attacker...
PT-2024-30059 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery CSRF issue was found in Pligg CMS. The vulnerability can be exploited via the /admin/admin backup.php endpoint with the dobackup parameter set to database. Recommendations: For...
Fortinet FortiWeb 操作系统命令注入漏洞
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content...
Fortinet FortiWeb Buffer Overflow Vulnerability
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
Fortinet FortiWeb 操作系统命令注入漏洞
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
Fortinet FortiWeb 缓冲区错误漏洞
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
Code injection
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI...
CVE-2019-6691
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...
CVE-2019-6691
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...
CVE-2015-4117
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php...
Design/Logic Flaw
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php...
CVE-2015-4117
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php...
Vesta Control Panel OS Command Injection Vulnerability
Vesta Control Panel is an open source web hosting control panel. Vesta Control Panel has a security vulnerability. Because the input passed to "/list/backup/index.php" via the "backup" HTTP GET parameter is not sufficiently filtered before using the PHP 'exec' function, a remote attacker can inje...