1285 matches found
CVE-2024-39118
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...
PT-2024-5084 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: A vulnerability has been identified in the SINEMA Remote Connect Server that allows users to upload encrypted backup files without correctly checking the path of the restore...
Advanced Backups Security Vulnerability
Advanced Backups is a powerful backup mod for My World game by the individual developer Heather White. A security vulnerability exists in Advanced Backups v3.5.3 and earlier versions, which stems from a vulnerability that allows an attacker to write to arbitrary files by restoring a carefully...
CVE-2024-39118
CVE-2024-39118 affects Mommy Heather Advanced Backups up to v3.5.3. The vulnerability allows an attacker to write arbitrary files by restoring a crafted backup. Connected sources (Red Hat, PT-Security, etc.) confirm the affected software and the remediation guidance: upgrade to a version later th...
Weblate vulnerable to improper sanitization of project backups
Impact Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. Patches This issue has been addressed in Weblate 5.6.2 via...
GHSA-JFGP-674X-6Q4P Weblate vulnerable to improper sanitization of project backups
Impact Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. Patches This issue has been addressed in Weblate 5.6.2 via...
CVE-2024-5598
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fmalocalfilesystem' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
PT-2024-36632 · WordPress · Advanced File Manager
Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.4 Description: The issue allows unauthenticated attackers to extract sensitive data, including backups or other sensitive information, if the files have been moved ...
Exploit for Use of Password Hash With Insufficient Computational Effort in Fortinet Fortiproxy
FortiOS and FortiProxy Password Hashing Vulnerability to RCE...
CVE-2024-38329
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
IBM Storage Protect Authorization Issue Vulnerability
IBM Storage Protect (IBM Spectrum Protect) is backup software from International Business Machines (IBM). It provides comprehensive data disaster recovery capabilities for physical file servers, virtual environments, and various applications. An authorization issue vulnerability exists in IBM...
PT-2024-27945 · Ibm · Ibm Storage Protect For Virtual Environments
Name of the Vulnerable Software and Affected Versions: IBM Storage Protect for Virtual Environments: Data Protection for VMware versions 8.1.0.0 through 8.1.22.0 Description: The issue is caused by improper validation of user permission, allowing a remote authenticated attacker to bypass security...
How to Clean Up Veeam Kasten for Kubernetes Manual Backups
Purpose: This article provides an overview of scenarios where out-of-schedule restorePoints are created and how to identify and remove them. Cause: With Veeam Kasten for Kubernetes, there are multiple ways to take backups & exports. A manual backup/export from the application menu. A manual policy...
CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...
Fortinet FortiOS and Fortinet FortiProxy Security Vulnerabilities
Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...
PT-2024-4152 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.4 FortiOS version 7.2 and earlier FortiOS version 7.0 and earlier FortiOS version 6.4 and earlier FortiProxy versions prior to 7.4.3 FortiProxy version 7.2 and earlier FortiProxy version 7.0 and earlier FortiProx...
CVE-2024-5599
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitive data...