Lucene search
K

42 matches found

Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.7 views

PT-2023-31777 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.89 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically the backup path parameter, due to insufficient...

4.8CVSS5.2AI score0.00333EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/07/17 8:15 p.m.3 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

5.5CVSS5.9AI score0.00247EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.5 views

Progress Software Chef Infra Server 安全漏洞

Progress Software Chef Infra Server is an application from Progress Software, Inc. It is used to act as a hub for configuration data. A security vulnerability exists in Progress Software Chef Infra Server versions prior to 15.7, which stems from a vulnerability that allows a local attacker to...

5.5CVSS5.7AI score0.00247EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/07/17 12:0 a.m.13 views

CVE-2023-28864

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...

6.4AI score0.00247EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/07/17 12:0 a.m.23 views

CVE-2023-28864

Removed by vendor...

5.5CVSS5.5AI score0.00247EPSS
Exploits0
OSV
OSV
added 2023/04/07 9:15 p.m.3 views

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

7.5CVSS7.2AI score0.0105EPSS
Exploits1References3
OSV
OSV
added 2022/04/26 9:15 p.m.3 views

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...

8.1CVSS7.4AI score0.01029EPSS
Exploits1References1
OSV
OSV
added 2021/06/11 3:15 p.m.5 views

CVE-2021-25392

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...

5.5CVSS6.3AI score0.00102EPSS
Exploits1References2
NVD
NVD
added 2021/06/11 3:15 p.m.20 views

CVE-2021-25392

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...

5.5CVSS0.00102EPSS
Exploits1References2
Prion
Prion
added 2021/06/11 3:15 p.m.18 views

Path traversal

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...

2.1CVSS5.3AI score0.00102EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/06/11 12:0 a.m.5 views

Samsung SMR 加密问题漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. An encryption issue vulnerability exists in SMR MAY-2021 Release 1. The vulnerability stems from the application's improperly protected Samsung Dex backup path configuration, which...

5.5CVSS6.1AI score0.00102EPSS
Exploits1References3
NVD
NVD
added 2021/05/11 3:15 p.m.14 views

CVE-2021-27616

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in...

7.8CVSS0.00268EPSS
Exploits0References2
OSV
OSV
added 2021/05/11 3:15 p.m.5 views

CVE-2021-27616

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in...

7.8CVSS7.1AI score0.00268EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.5 views

SAP Business One 权限许可和访问控制问题漏洞

SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One Hana Chef Cookbook is vulnerable to permission and access control issues, which could be exploited by attackers to access information via a temporary backup path...

7.8CVSS5.6AI score0.00268EPSS
Exploits0References3
OSV
OSV
added 2019/06/03 12:29 a.m.3 views

CVE-2019-12564

In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...

9.8CVSS7.4AI score0.02011EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/26 12:0 a.m.2 views

HAIRUICMS v2.1.4 Database Backup Vulnerability in DataM.asp File

HAIRUICMS HAIRUICMS is developed by HAIRUICMS based on Microsoft ASP and general ACCESS/MSSQL database. A database backup vulnerability exists in the HAIRUICMS v2.1.4 DataM.asp file. The vulnerability is caused by not filtering both the database path to be backed up and the backup storage path,...

6.8AI score
Exploits0
OSV
OSV
added 2018/02/22 7:29 p.m.3 views

CVE-2018-7317

Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/...

7.5CVSS5.8AI score0.08069EPSS
Exploits5References1
OSV
OSV
added 2017/09/01 5:29 p.m.5 views

CVE-2017-14105

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...

7.8CVSS6.2AI score0.013EPSS
Exploits3References1
Atlassian
Atlassian
added 2010/04/22 4:27 a.m.22 views

Path for daily backup is configurable through WEB UI

It is possible to set the daily backup path and partial name through the web UI. This could mean that information can be obtained by a rouge admin. This issue addresses that by introducing a flag so concerned administrators can remove this feature. This flag is set to false by default meaning it ...

0.1AI score
Exploits0Affected Software1
NVD
NVD
added 2010/04/20 3:30 p.m.23 views

CVE-2010-1165

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the 1 attachment aka attachments, 2 index aka indexing, or 3 backup path and then uploading a file, as exploited in the wild in April 2010...

9CVSS7.3AI score0.04436EPSS
Exploits0References8
Rows per page
Query Builder