Lucene search
+L

189 matches found

OSV
OSV
added 2024/10/23 5:15 p.m.4 views

CVE-2024-20275

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...

6.1CVSS6.2AI score0.00509EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/08/20 12:0 a.m.3 views

Kliqqi CMS 安全漏洞

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of a cross-site request forgery vulnerability , the vulnerability stems from /admin/adminbackup.php?dobackup=clearall does not adequately verify that the request is from a trusted user , an attacker...

8.8CVSS6.8AI score0.00201EPSS
Exploits1References2
OSV
OSV
added 2024/08/13 2:22 p.m.10 views

CVE-2024-6384 Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versio...

5.3CVSS6.1AI score0.00428EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.4 views

Net Titanium Technology idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in Net Titanium Technology idcCMS v1.35, which was discovered to contain a Cross Site...

8.8CVSS7.1AI score0.00301EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/19 4:48 a.m.33 views

CVE-2024-29965 Insecure backup

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...

6.8CVSS6.8AI score0.00411EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:0 a.m.20 views

BIT-PERCONA-XTRABACKUP-BINARY-2022-26944

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONASCHEMA.xtrabackuphistory table. NOTE:...

6.5CVSS6.6AI score0.00851EPSS
Exploits0References2
OSV
OSV
added 2024/01/25 3:15 p.m.4 views

CVE-2024-22432

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configure...

6.5CVSS5.7AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2023/11/03 4:15 a.m.25 views

CVE-2023-36620

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...

4.6CVSS4.7AI score0.00538EPSS
Exploits2References3
CVE
CVE
added 2023/11/03 12:0 a.m.56 views

CVE-2023-36620

CVE-2023-36620 affects the Boomerang Parental Control Android app prior to version 13.83. The root cause is the manifest lacking android:allowBackup="false", enabling local backups of the app’s internal memory to a PC. This backup exposure grants access to the API token used for authenticating AP...

4.6CVSS4.7AI score0.00538EPSS
Exploits2References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/10 12:0 a.m.9 views

The vulnerability of backup and data recovery software on computers and servers with Acronis Agent allows attackers to gain unauthorized access to protected information.

Acronis Agent’s backup and recovery software for computers and servers involves exposing protected information. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

3.3CVSS5.3AI score0.0017EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/10 12:0 a.m.7 views

The vulnerability of backup and data recovery software on computers and servers with Acronis Agent, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of backup and data recovery software on computers and servers with Acronis Agent is related to authentication errors. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

5.5CVSS5.3AI score0.00168EPSS
Exploits0References2
CISA
CISA
added 2023/08/22 12:0 p.m.16 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38035 Ivanti Sentry Authentication Bypass Vulnerability CVE-2023-27532 Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function...

9.8CVSS7.3AI score0.99949EPSS
In wildExploits10References7
OSV
OSV
added 2023/07/01 12:15 a.m.2 views

CVE-2023-28365

A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

9.1CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2023/07/01 12:15 a.m.30 views

Design/Logic Flaw

A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...

5.8CVSS9.1AI score0.00757EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/07 12:0 a.m.6 views

GDidees CMS 安全漏洞

GDidees CMS is a website builder from GDidees. A security vulnerability exists in GDidees CMS version v3.9.1, which originates from a source code leak for the backup function. An attacker can exploit the vulnerability to access the code via /admin/backup.php...

7.5CVSS7.5AI score0.0105EPSS
Exploits1References4
OSV
OSV
added 2023/03/17 4:23 p.m.27 views

CVE-2023-28107 Discourse vulnerable to multisite DoS by spamming backups

Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a...

4.5CVSS4.9AI score0.00652EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/11/28 1:47 p.m.7 views

CVE-2021-25059 Download Plugin < 2.0.0 - Subscriber+ Website Download

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...

4.9AI score0.00633EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.7 views

PT-2022-23510 · Unknown · Arq Backup

Name of the Vulnerable Software and Affected Versions: Arq Backup versions 7.19.5.0 and below Description: The issue allows attackers with administrative privileges to recover cleartext passwords because Arq Backup stores backup encryption passwords using reversible encryption. Recommendations: F...

4.9CVSS5AI score0.00442EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/24 12:0 a.m.5 views

VitalPBX 安全特征问题漏洞

VitalPBX is an Asterisk-based unified communications PBX system. It supports deployment on both virtual or physical machines, as well as in cloud server environments. An Access Control Error vulnerability exists in VitalPBX versions prior to 3.2.1, which stems from a lack of access control in the...

4.9CVSS5.5AI score0.00886EPSS
Exploits1References3
OSV
OSV
added 2022/02/17 7:15 p.m.9 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

6.5CVSS5.6AI score0.0201EPSS
Exploits3References4
Rows per page
Query Builder