CVE-2023-28630
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...
Design/Logic Flaw
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...
CVE-2023-28630 Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...
D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution Exploit
Exploit Title: D-Link DNR-322L Exploit Writeup: https://lukasec.ch/posts/dlinkdnr322.html Vendor Homepage: https://dlink.com Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10305 Software Link: http://legacyfiles.us.dlink.com/DNR-322L/REVA/FIRMWARE...
PT-2023-21862 · H2 +2 · H2 +3
Name of the Vulnerable Software and Affected Versions: GoCD versions 20.5.0 through 23.1.0 Description: The issue arises when the server environment is not correctly configured to provide access to the relevant PostgreSQL or MySQL backup tools, potentially leaking database access credentials to...
Fedora: Security Advisory for tar (FEDORA-2023-f72d3caf36)
The remote host is missing an update for the...
USN-5966-2: amanda regression
USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information...
USN-5966-2 amanda regression
USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information...
[SECURITY] Fedora 37 Update: tar-1.34-6.fc37
The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive...
Fedora: Security Advisory for tar (FEDORA-2023-123778d70d)
The remote host is missing an update for the...
PT-2023-21565 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.2 of the stable branch Discourse versions prior to 3.1.0.beta3 of the beta and tests-passed branches Description: The issue allows an administrator to request backups multiple times, consuming all database...
Ransomware attack hits ANOTHER school
In what is likely Vice Society's handiwork, the UK's largest state boarding school Wymondham College has announced it has become the victim of a "sophisticated cyberattack". The school didn't provide additional information, but Jonathan Taylor, chief of the school's parent company Sapientia...
Breast cancer photos published by ransomware gang
The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients--calling them "nude photos"--to extort money from the Lehigh Valley Health Network LVHN. This has triggered a chorus of accusations from the cybersecurity community, wi...
CVE-2023-23327
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...
Information disclosure
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...
CVE-2023-23327
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...
iFAX AvantFAX Information Disclosure Vulnerability
iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from an information disclosure vulnerability where backups of...
Debian: Security Advisory (DLA-390-1)
The remote host is missing an update for the Debian...
CVE-2022-4932
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...