774 matches found
WP Database Backup < 4.3.1 - CSRF & XSS
The WP Database Backup WordPress plugin was affected by a CSRF & XSS security vulnerability...
Teampass 2.1.25 Unauthenticated Access
Document Title: Teampass v2.1.25 - Unauthenticated Access Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1844. Release Date: 2016-05-18. Vulnerability Laboratory ID (VL-ID): 18...
Transaction Log Truncation Failure for MSSQL Instances on Shared VHDX
Challenge: When attempting to run a backup job for a Microsoft SQL Server that is in either a SQL Server Failover Cluster or AlwaysOn Failover Cluster with a shared VHDX, the backup job reports the warning: Failed to truncate transaction logs for SQL instances: . Possible reasons: lack of...
WordPress backup and restore plugin WP Backitup Lite database backup file disclosure vulnerability
No description provided by source...
emlog automatic backup plug-in leaks the entire site database backup - vulnerability warning - the black bar safety net
This is my third time in your blog to find the fatal flaw. The first is a third-party Storage, the solution is to delete. The second is "EMLOG album", which is this article:is. The third time is this time, I wrote one using the script, directly to your blog, the whole site backup file down under,...
Geeklog 2.1.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Geeklog 2.1.0 - Command Injection, XSS, Command Injection Vulnerabilities. Overview: The admin area of Geeklog suffers from two vulnerabilities that can lead to code execution: OS Command Injection and Upload of Files with Dangerous Type. The...
ZeusCMS 0.2 admin/backup.sql database backup file disclosure
No description provided by source...
emlog automatic backup-and-send-to-email plugin whole-site database backup disclosure vulnerability
No description provided by source...
WordPress Database Backup Plugin <= 3.3 - Stored Cross-Site Scripting
Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...
Improper access control
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/...
CVE-2014-8605
The CVE concerns the XCloner Backup and Restore plugin for WordPress (v3.1.1) and Joomla! (v3.5.1), where database backup files are stored under the web root with predictable names due to insufficient access control. This allows remote attackers to obtain sensitive information by directly request...
Symantec Encryption Management Server Database Backup Command Injection (CVE-2014-7288)
A command-injection vulnerability has been reported in Symantec Encryption Management Server. The vulnerability is due to insufficient sanitization of user-supplied input when processing database backup commands from the Web UI. A remote, authenticated attacker could exploit this vulnerability by...
LabTech Database Backup Tasks Run Too Long
Challenge: With Veeam Plug-in for LabTech, the database backup tasks run for an extended period of time. Cause: This happens due to the growth of pluginveeambrsystemlog table. Solution: The issue should be fixed in later releases. In the meantime, a workaround is available. Download the fix here...
CVE-2014-7288
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...
Design/Logic Flaw
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...
Symantec Encryption Management Server Local Command Injection Vulnerability
Symantec Encryption Management Server is a single console for managing multiple encryption applications in the PGP platform. A command injection vulnerability exists in Symantec Encryption Management Server's handling of database backup recovery, which could be exploited by a remote attacker to...
Symantec Encryption Management Server Database Backup Command Line Injection and Email Header Inject
SUMMARY: Symantec Encryption Management Server is susceptible to a shell command line injection when an authorized, but less privileged administrator, is submitting a request for a database backup. This could potentially result in the malicious administrator gaining privileged access on the server...