CVE-2023-51065
Incorrect access control in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server...
QStar Archive Solutions Security Breach
QStar Archive Solutions is QStar's range of storage technologies for managing disk arrays, object storage, tape libraries, CD-ROM libraries, WORM, and private and hybrid clouds. A security vulnerability exists in the QStar Archive Solutions RELEASE3-0 Build 7 release that stems from the presence of an...
PT-2024-14044 · Qstar · Qstar Archive Solutions
Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions Release RELEASE 3-0 Build 7 Patch 0 Description: The issue is related to incorrect access control, allowing unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server...
CVE-2023-51065
CVE-2023-51065 describes an Imprudent/Improper access control vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0. The root cause is an access-control flaw that allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Serv...
CVE-2023-5504
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
Directory traversal
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
CVE-2023-5504 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
PT-2024-12979 · Undefined · Undefined
NCC Group has released its third study assessing the security of popular RMM tools, presenting an overview of 18 vulnerabilities in PandoraFMS. Earlier, multiple vulnerabilities in Faronics Insight and Nagios XI had come to the researchers' attention. PandoraFMS is an application for monitoring ...
WordPress Plugin Migrate WordPress Website & Backups Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
PT-2024-6533 · Fortinet · Fortimanager +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.0.0 through 7.0.10 Fortinet FortiManager versions 7.2.0 through 7.2.4 Fortinet FortiManager versions 7.4.0 through 7.4.1 Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10 Fortinet FortiAnalyzer versions 7.2...
CVE-2023-6114
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...
PT-2023-32756
Name of the Vulnerable Software and Affected Versions: Clone WordPress plugin versions prior to 2.4.3 Description: The Clone WordPress plugin uses buffer files to store in-progress backup information at a publicly accessible, statically defined file path. This issue potentially affects 90,000 sites...
The vulnerability of the Scheduled Backups function in the Nagios XI monitoring tool allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Scheduled Backups function in the Nagios XI monitoring tool is related to synchronization errors when using a shared resource during port scanning. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
PT-2023-32523 · WordPress · Duplicator +1
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.5.7.1 Duplicator Pro WordPress plugin versions prior to 4.5.14.2 Description: The issue concerns the Duplicator WordPress plugin and its Pro version, where the backups-dup-lite/tmp directory or...
CVE-2023-6538
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific...
Hitachi System Management Unit Security Vulnerability
Hitachi System Management Unit is a device used to manage servers and clusters from Hitachi, Japan. A security vulnerability exists in Hitachi System Management Unit SMU versions prior to 14.8.7825.01, which stems from the component's susceptibility to information disclosure via URL manipulation,...
Backup Migration Staging < 1.3.6 - Sensitive Data Exposure
Description: The plugin stores in-progress backup information in easy-to-find, publicly accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. PoC: 1. Run a backup of the site. 2. Notice the following files are all publicly available while...
CVE-2023-5808
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative...
CVE-2023-6375
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials...
Information disclosure
Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials...