42 matches found
PT-2023-31777 · WordPress · Wpvivid
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.89 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically the backup path parameter, due to insufficient...
CVE-2023-28864
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...
Progress Software Chef Infra Server 安全漏洞
Progress Software Chef Infra Server is an application from Progress Software, Inc. It is used to act as a hub for configuration data. A security vulnerability exists in Progress Software Chef Infra Server versions prior to 15.7, which stems from a vulnerability that allows a local attacker to...
CVE-2023-28864
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. The data...
CVE-2023-28864
Removed by vendor...
CVE-2023-27180
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...
CVE-2022-28527
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del...
CVE-2021-25392
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...
CVE-2021-25392
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...
Path traversal
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path...
Samsung SMR 加密问题漏洞
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. An encryption issue vulnerability exists in SMR MAY-2021 Release 1. The vulnerability stems from the application's improperly protected Samsung Dex backup path configuration, which...
CVE-2021-27616
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in...
CVE-2021-27616
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in...
SAP Business One 权限许可和访问控制问题漏洞
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One Hana Chef Cookbook is vulnerable to permission and access control issues, which could be exploited by attackers to access information via a temporary backup path...
CVE-2019-12564
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...
HAIRUICMS v2.1.4 Database Backup Vulnerability in DataM.asp File
HAIRUICMS HAIRUICMS is developed by HAIRUICMS based on Microsoft ASP and general ACCESS/MSSQL database. A database backup vulnerability exists in the HAIRUICMS v2.1.4 DataM.asp file. The vulnerability is caused by not filtering both the database path to be backed up and the backup storage path,...
CVE-2018-7317
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/...
CVE-2017-14105
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...
Path for daily backup is configurable through WEB UI
It is possible to set the daily backup path and partial name through the web UI. This could mean that information can be obtained by a rouge admin. This issue addresses that by introducing a flag so concerned administrators can remove this feature. This flag is set to false by default meaning it ...
CVE-2010-1165
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the 1 attachment aka attachments, 2 index aka indexing, or 3 backup path and then uploading a file, as exploited in the wild in April 2010...