19 matches found
Cisco Nexus Dashboard Path Traversal Vulnerability
A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid...
CVE-2024-22514
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file...
CVE-2022-40486
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 574505553 was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file...
CVE-2025-43596
An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 released on 2025-05-15...
CVE-2024-44258
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
PT-2024-7503 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the VPN web server of the software could allow an...
CVE-2024-38471
Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...
CVE-2024-38471
Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...
CVE-2024-20358
A vulnerability in the Cisco Adaptive Security Appliance ASA restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...
Authorization
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file...
CVE-2023-39001
A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...
CVE-2022-40486
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 574505553 was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file...
CVE-2022-40486
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 574505553 was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file...
CVE-2022-40486
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 574505553 was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file...
Moodle 输入验证错误漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a security vulnerability exists in Moodle, which stems from a problem when the software restores backup files. an attacker could...
Memory corruption
Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted backup file...
CVE-2012-0306
Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted backup file...