Backup File Download Vulnerability in OTCMS
OTCMS (Nettie CMS) is an article-based web content management system (CMS). OTCMS has a database backup file download vulnerability, which can be exploited by an attacker to obtain the database backup file by generating a logical error in the backup file name part...
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a...
SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure
Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page:...
zrlog privilege checking vulnerability
ZrLog is a blog/CMS program developed in Java that is minimalist, easy to use, componentized, and has a low memory footprint. A privilege check vulnerability exists in zrlog 2.1.0. An attacker can log in with an administrator account and then use another unauthenticated user to download a databas...
CVE-2020-19005
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...
Design/Logic Flaw
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...
CVE-2020-19005
Summary: The issue CVE-2020-19005 affects zrlog v2.1.0 and stems from a faulty permission check that allows an admin session to enable other, unauthorized users to directly download the database backup file. Affected software: zrlog 2.1.0 (Java-based blog/CMS). Vulnerability details: Permission v...
CVE-2020-19005
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...
Command Execution Vulnerability in Daimi CMS Backend
DAMI CMS is a free, open-source, fast and simple all-in-one system for building PC and mobile sites. A command execution vulnerability exists in the backend of Daimi CMS, which can be exploited by an attacker to back up the database and get a shell...
WordPress WP Database Backup File Read Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WP Database Backup is a data backup plugin used in it. A security vulnerability exists in WordPress WP Database Backup 5.5 and earlier...
CVE-2020-7241
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020{0..1}{0..2}{0..3}{0..9} format, guessing UNIX...
CVE-2020-7241
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020{0..1}{0..2}{0..3}{0..9} format, guessing UNIX...
Format string
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020{0..1}{0..2}{0..3}{0..9} format, guessing UNIX...
CVE-2020-7241
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020{0..1}{0..2}{0..3}{0..9} format, guessing UNIX...
CVE-2020-7241
The CVE concerns the WordPress WP Database Backup plugin (affected through 5.5, with related OpenVAS entry for
CVE-2019-19801
CVE-2019-19801 affects Gallagher Command Centre Server versions: v8.10 before 8.10.1134 (MR4), v8.00 before 8.00.1161 (MR5), v7.90 before 7.90.991 (MR5), v7.80 before 7.80.960 (MR2), and v7.70 or earlier. The issue allows an unprivileged but authenticated user to perform a backup of the Command C...
ASTPP 4.0.1 VoIP Billing - Database Backup Download Vulnerability
Exploit for linux platform in category web applications Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
ASTPP 4.0.1 VoIP Billing - Database Backup Download Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CV...
CVE-2017-3600
It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...