GHSA-VRMR-F2QH-3HHF Improper use of cryptographic key in wal-g

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass

COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...

COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Vulnerability

Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected...

COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass

Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page:...

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

Code injection

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

CVE-2021-38599

WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...

CVE-2021-38599

CVE-2021-38599 affects WAL-G prior to version 1.1. In non-libSodium builds, WAL-G silently ignores the libsodium encryption key and uploads backups in plaintext, creating an information disclosure vulnerability. Affected software: WAL-G backup tool (used with PostgreSQL, MySQL/MariaDB, MS SQL Ser...

CVE-2021-36454

Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...

No More Ransom Saves Victims Nearly €1 billion Over 5 Years

To date, the No More Ransom repository of ransomware decryptors has helped more than 6 million victims recover their files, keeping nearly a billion euros out of the hands of cybercriminals, according to a Monday release. Launched five years ago, No More Ransom is maintained via cooperation betwe...

The True Impact of Ransomware Attacks

One of the most damaging myths about ransomware attacks is, “If your company does regular system backups, you don’t have to worry. Just restore from the backup.” While system backups are crucial — power outages, natural disasters, or even mistakes by employees can destroy data just as quickly as ...

Tecnick.com TCExam 信息泄露漏洞

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams, among other things. TCExam suffers from an information disclosure vulnerability that stems from an access restriction error in the default settings. A remote attacker...

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only theyd had proper data backups. But the ugly truth is there are many non-obvious reasons why victims...

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

3 things the Kaseya attack can teach us about ransomware recovery

Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive. A positive exception to this is found in the Dutch managed service provider MSP VelzArt, one of the many...

WordPress Database Backups 1.2.2.6 Plugin - (Database Backup Download) CSRF Vulnerability

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and download databa...

WordPress Database Backups 1.2.2.6 Cross Site Request Forgery

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...

WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...