1285 matches found
CVE-2019-5263
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305MAC and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting th...
Fortinet FortiOS Trust Management Issue Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...
Hardcoded credentials
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...
CVE-2012-1156
Moodle before 2.2.2 has users' private files included in course backups...
Design/Logic Flaw
Moodle before 2.2.2 has users' private files included in course backups...
CVE-2012-1156
Moodle before 2.2.2 has users' private files included in course backups. Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+ are affected...
CVE-2012-1156
Moodle vulnerability CVE-2012-1156 affects Moodle releases prior to 2.2.2, where private user files could be included in course backups. Connected advisories/cve listings confirm affected versions across 2.0–2.2.x (e.g., 2.0–2.0.7+, 2.1–2.1.4+, 2.2–2.2.1+) and describe this as a design/logic flaw...
CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments
The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial (SLTT) governments,...
Update Rollup 8 for System Center 2016 Data Protection Manager
Update Rollup 8 for System Center 2016 Data Protection Manager. Introduction: This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2016 Data Protection Manager. This article also contains the installation instructions for this update. Note: Existing Data...
U.S. Dept Of Defense: Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak
Description: While poking around the █████████/24 range - █████ looking for Cisco devices, I came across █████, which resolved to https://██████/. While it's not a .mil host, it's likely related to the DoD since it is hosted in the DoD-controlled ASN. I discovered a few critical vulnerabilities here...
CVE-2019-11029
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
cPanel Privilege Permission and Access Control Issues Vulnerability (CNVD-2019-29608)
cPanel is a Web-based automated colocation platform from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 68.0.15, which stems from the program writing backup files o...
cPanel Authorization Issues Vulnerability (CNVD-2019-29606)
cPanel is a Web-based automated colocation platform from the American company cPanel. The platform is primarily used to automate the management of websites and servers. The security vulnerability in cPanel versions prior to 68.0.15 stems from the program assigning weak privileges for...
CVE-2017-18390
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322)...
CVE-2017-18383
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309)...
Code injection
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322)...
Design/Logic Flaw
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309)...