179 matches found
CVE-2025-25763
crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead in /system/SystemDatabackupServices.php...
Online Threats Are Rising -Here’s Why Companies Must Improve Their Cybersecurity
Cybersecurity is a must as online threats rise. Businesses must train employees, back up data, and adopt strong…...
Dell Avamar SQL Injection Vulnerability (CNVD-2025-18250)
Dell Avamar is a software solution for data backup and recovery. A SQL injection vulnerability exists in Dell Avamar. The vulnerability stems from an improper neutralization of special elements in SQL commands. An attacker could exploit this vulnerability to perform command execution...
Dell Avamar SQL注入漏洞
Dell Avamar is a data backup and recovery software. A SQL injection vulnerability exists in Dell Avamar. The vulnerability stems from a lack of proper neutralization of specific elements used in SQL commands. An attacker could exploit the vulnerability to execute commands...
CVE-2024-1868
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
CVE-2024-45044
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation i.e. "w" for "whoami" the ACL check did not apply to the full form i.e. "whoami" but to the abbreviated...
CVE-2024-45044 Bareos's negative command ACLs can be circumvented by abbreviating commands
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation i.e. "w" for "whoami" the ACL check did not apply to the full form i.e. "whoami" but to the abbreviated...
CVE-2024-45394
The CVE-2024-45394 entry concerns the Authenticator browser extension. In versions 7.0.0 and earlier, user data encryption keys were stored at-rest with AES-256 using EVP_BytesToKey as the KDF, enabling brute-force attacks if an attacker obtains a copy of the user data. Versions 8.0.0 and above a...
Key Takeaways From The Take Command Summit: Unlocking Security Success
As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, "Before, During, & After Ransomware...
Driver Disk for Microsemi smartpqi 2.1.30_031 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Microsemi's smartpqi driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- smartpqi| SAS/Storage Controller| 2.1.30031...
Exploit for Special Element Injection in Google Android
CVE-2024-0044-EXP Uses CVE-2024-0044 to extract data from ba...
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
MGASA-2024-0193 Updated roundcubemail packages fix security vulnerabilities
This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting XSS vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting XSS vulnerability in handling list columns from user preferences...
CVE-2023-27347
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
CVE-2023-27347
CVE-2023-27347 affects G Data Total Security, specifically the Backup Service. The flaw allows local attackers who can execute low-privileged code to leverage a symbolic link in the Backup Service to create arbitrary files, enabling privilege escalation to the SYSTEM context. The vulnerability is...
Dell PowerProtect Data Manager Operating System Command Injection Vulnerability
Dell PowerProtect Data Manager PPDM is a set of data protection solutions from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An operating system command injection vulnerability exists in Dell PowerProtect Data Manager version 19.15 an...
Omron CS/CJ Series Missing Authentication For Critical Function (CVE-2022-45794)
Omron CS/CJ series programmable logic controllers are missing authentication for the file system. This could allow an attacker to access the file system via memory card or EM file memory and obtain all available sensitive information. This plugin only works with Tenable.ot. Please visit...
Release Information for Veeam Backup for Microsoft 365 7a Cumulative Patches
Requirements This Cumulative Patch can be used to: update manually from a previous Veeam Backup for Microsoft 365 7a release to the latest Cumulative Patch. upgrade an existing pre-7a Veeam Backup for Microsoft 365 server to Veeam Backup for Microsoft 365 7a with the latest Cumulative Patch...
CVE-2023-36620
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...