774 matches found
PT-2019-7670 · WordPress · Wp-Database-Backup
Name of the Vulnerable Software and Affected Versions: wp-database-backup plugin versions prior to 4.3.3 Description: The issue concerns a CSRF problem in the wp-database-backup plugin for WordPress. Recommendations: For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the iss...
Cryptolocking WordPress Plugin Locks Up Blog Posts
A malicious WordPress plugin ironically called WP Security has been spotted in the wild encrypting blog posts and rendering the content unreadable. It’s capable of targeting individual posts — an unusual behavior, according to researchers. According to analysis from Sucuri, the plugin obtains a...
Dolibarr < 9.0.3 Multiple Vulnerabilities
Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; if description...
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WP Database Backup RCE', 'Description' = %q There exists a command injection vulnerability in the Wordpress plugin wp-database-backup for version...
WordPress Database Backup < 5.2 Remote Command Execution Exploit
There exists a command injection vulnerability in the WordPress plugin wp-database-backup for versions less than 5.2. For the backup functionality, the plugin generates a mysqldump command to execute. The user can choose specific tables to exclude from the backup by setting the wpdbexcludetable...
CVE-2019-7667
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...
CVE-2019-7667
CVE-2019-7667 affects Prima Systems FlexAir (versions 2.3.38 and prior). The flaw is that database backup files are created with predictable names, allowing brute-force identification of the backup file. An attacker could download the backup, obtain login information, and bypass authentication to...
PT-2019-18690 · Prima Systems · Flexair
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The application generates database backup files with a predictable name, allowing an attacker to use brute force to identify the database backup file name. This can be exploited to...
WP Database Backup Plugin for WordPress < 5.2 Command Injection
The WordPress WP Database Backup Plugin installed on the remote host is affected by an operating system command injection vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's...
CVE-2019-12564
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...
Design/Logic Flaw
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...
CVE-2019-12564
CVE-2019-12564 affects DouCo DouPHP v1.5 Release 20190516. The issue allows remote attackers to view database backups by brute-forcing filenames data/backup/DyyyymmddThhmmss.sql, leading to partial/backup data exposure. Connected Red Hat and NVD entries corroborate the vulnerability description; ...
WordPress WP Database Backup plugin <= 5.1.2 - Unauthenticated OS Command Injection vulnerability
Unauthenticated OS Command Injection vulnerability found by WordFence in WordPress WP Database Backup plugin versions <= 5.1.2. Solution: Update the WordPress WP Database Backup plugin to the latest available version (at least 5.2)...
CVE-2018-14729
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...
CVE-2018-14729
The CVE-2018-14729 entry affects Discuz! versions 2.5 and 3.4, where the database backup feature in upload/source/admincp/admincp_db.php enables remote attackers to execute arbitrary PHP code. The Red Hat, NVD, CVE list, and CNVD records confirm this backend command execution risk originates from...