1285 matches found
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability in the Database Backups WordPress plugin through 1.2.2.6 can be exploite...
WordPress VM Backups plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up a personal blog site on servers running PHP and MySQL. WordPress Plugin is an open source WordPress application plugin. A cross-site request forgery vulnerability exists in...
Google Play Diibear Security Vulnerability
Google Play Diibear is an application from Google Play. It provides a feature that allows parents to use the application to stay in touch with the kindergarten and get information about their children's learning and play as well as kindergarten newsletters and announcements. A security...
VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a Stored Cross-Site Scripting issue. PoC: The PoC will be displayed once the issue has been remediated...
VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as updating the plugin's options, leading to a Stored Cross-Site Scripting issue. The PoC will be displayed once the issue has been remediated...
Database Backups <= 1.2.2.6 - CSRF to Backup Download
The plugin does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the database, changing the plugin's settings and deleting backups. When generating a backup, the file is created in the /wp-content/uploads/database-backups directory, with ...
CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
Copperfasten Technologies TitanHQ SpamTitan Encryption Issue Vulnerability
Copperfasten Technologies TitanHQ SpamTitan is a spam filter from Copperfasten Technologies, Ireland. The product blocks email threats such as spam, viruses, malware, ransomware and phishing. A security vulnerability exists in SpamTitan versions prior to 7.09, which stems from a vulnerability tha...
X-STREAM enhanced XEGP Authorization Issues Vulnerability
The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. X-STREAM enhanced XEGP Al...
targetcli: weak permissions for /etc/target and backup files
An access flaw was found in targetcli, where /etc/target and the backup directory and files beneath it were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highe...
A vulnerability in the configuration function of Cisco Nexus Data Broker allows an attacker to overwrite arbitrary files.
The vulnerability in the configuration function of Cisco Nexus Data Broker stems from insufficient verification of configuration backup files. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files...
JetBrains YouTrack Information Disclosure Vulnerability (CNVD-2020-66296)
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. An information disclosure vulnerability exists in JetBrains YouTrack for Android versions...
CVE-2020-24366
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups...
Information disclosure
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups...
CVE-2020-24366
Public details to date are limited; connected documents provide only a high-level disclosure (YouTrack Android backups prior to 2020.2.0). No technical specifics (affected component/version/root cause) are present in the included sources.