GHSA-277H-PX4M-62Q8 @saltcorn/server arbitrary file zip read and download when downloading auto backups
Summary A user with admin permission can read and download arbitrary zip files when downloading auto backups. The file name used to identify the zip file is not properly sanitized when passed to the res.download API. Details - file:...
PT-2024-40013 · Saltcorn · Saltcorn
Name of the Vulnerable Software and Affected Versions: Saltcorn versions 1.0.0 through 1.0.0-beta.13 Description: A user with admin permission can read and download arbitrary zip files when downloading auto backups. The file name used to identify the zip file is not properly sanitized when passed...
Threat Brief: Understanding Akira Ransomware
Overview Akira is a prolific ransomware family that has been operating since March 2023 and has targeted multiple industries, primarily in North America, the UK, and Australia. It operates as Ransomware-as-a-Service (RaaS) and exfiltrates data prior to encryption, achieving double extortion. According ...
CVE-2024-20442
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...
Cisco Nexus Dashboard security vulnerability
Cisco Nexus Dashboard is a single-console product from Cisco, Inc. that simplifies the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from improper storage of sensitive information in configuration-only and full backup files. Allowing...
WordPress plugin WPvivid security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. The WordPress plugin is an application plugin. A security...
PT-2024-38261 · WordPress · Migration
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging WordPress plugin versions prior to 0.9.106 Description: The issue concerns the insufficient randomness in filenames created during backup generation, which could be bruteforced by attackers to leak sensitive...
Multiple Acronis products security vulnerability
Acronis Backup plugin for cPanel & WHM (Linux) and other products are plugins from Acronis (Switzerland). A security vulnerability exists in various Acronis products that stems from an unnecessary privilege assignment, leading to the disclosure of sensitive data. The following products and versions are affected:...
Veeam Kasten GSB backups fail with the error "mkdir /tmp/kopia-log: read-only file system"
Challenge The backup for workloads that use Generic Storage Backup (GSB) fails with the error: mkdir /tmp/kopia-log: read-only file system Unable to create logs directory: mkdir /tmp/kopia-log: read-only file system Cause The Veeam Kasten for Kubernetes datamover needs write access to the /t...
PT-2024-31598 · Unknown · Authenticator
Name of the Vulnerable Software and Affected Versions: Authenticator versions prior to 8.0.0 Description: The Authenticator browser extension generates two-step verification codes. In versions prior to 8.0.0, encryption keys for user data were stored encrypted at-rest using only AES-256 and the E...
NetIQ Advanced Authentication security vulnerability
NetIQ Advanced Authentication is an application from NetIQ (UK). It provides a more secure way to protect sensitive information by moving away from usernames and passwords. A command execution vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which can be exploit...
Virtuozzo Hybrid Infrastructure 6.2 Update 1 (6.2.1-51)
In this release, Virtuozzo Hybrid Infrastructure provides stability and performance improvements, as well as addresses issues found in previous releases. Vulnerability id: VSTOR-68405 Failed to deploy the compute cluster due to an issue with the default storage policy. Vulnerability id: VSTOR-880...
UBUNTU-CVE-2024-6384
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versio...
PT-2024-6361 · Mongodb +1 · Mongodb Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Enterprise Server versions prior to 6.0.16 MongoDB Enterprise Server versions prior to 7.0.11 MongoDB Enterprise Server versions prior to 7.3.3 Description: Underprivileged users may download "hot" backup files if they can acquire a...
Alternative Method for Migrating Backups to Hardened Linux Repository
Please review the information in this article closely before performing any actions documented herein. This article documents a series of steps that if not performed precisely as documented, could result in data loss. Purpose This article documents an alternative method for migrating backups from...
CVE-2024-39118
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...
CVE-2024-39865
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...
CVE-2024-39866
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with...