189 matches found
CVE-2024-20275
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of a cross-site request forgery vulnerability , the vulnerability stems from /admin/adminbackup.php?dobackup=clearall does not adequately verify that the request is from a trusted user , an attacker...
CVE-2024-6384 Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versio...
Net Titanium Technology idcCMS Security Breach
Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in Net Titanium Technology idcCMS v1.35, which was discovered to contain a Cross Site...
CVE-2024-29965 Insecure backup
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...
BIT-PERCONA-XTRABACKUP-BINARY-2022-26944
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONASCHEMA.xtrabackuphistory table. NOTE:...
CVE-2024-22432
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configure...
CVE-2023-36620
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...
CVE-2023-36620
CVE-2023-36620 affects the Boomerang Parental Control Android app prior to version 13.83. The root cause is the manifest lacking android:allowBackup="false", enabling local backups of the app’s internal memory to a PC. This backup exposure grants access to the API token used for authenticating AP...
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent allows attackers to gain unauthorized access to protected information.
Acronis Agent’s backup and recovery software for computers and servers involves exposing protected information. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent is related to authentication errors. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38035 Ivanti Sentry Authentication Bypass Vulnerability CVE-2023-27532 Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function...
CVE-2023-28365
A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...
Design/Logic Flaw
A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...
GDidees CMS 安全漏洞
GDidees CMS is a website builder from GDidees. A security vulnerability exists in GDidees CMS version v3.9.1, which originates from a source code leak for the backup function. An attacker can exploit the vulnerability to access the code via /admin/backup.php...
CVE-2023-28107 Discourse vulnerable to multisite DoS by spamming backups
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a...
CVE-2021-25059 Download Plugin < 2.0.0 - Subscriber+ Website Download
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...
PT-2022-23510 · Unknown · Arq Backup
Name of the Vulnerable Software and Affected Versions: Arq Backup versions 7.19.5.0 and below Description: The issue allows attackers with administrative privileges to recover cleartext passwords because Arq Backup stores backup encryption passwords using reversible encryption. Recommendations: F...
VitalPBX 安全特征问题漏洞
VitalPBX is an Asterisk-based unified communications PBX system. It supports deployment on both virtual or physical machines, as well as in cloud server environments. An Access Control Error vulnerability exists in VitalPBX versions prior to 3.2.1, which stems from a lack of access control in the...
CVE-2022-0633
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...