146 matches found
Arbitrary File Deletion Vulnerability in MOMOCMS
MoMoCMS is an enterprise site-building system developed with PHP and MySQL. An arbitrary file deletion vulnerability exists in the MOMOCMS 'unlink' function. Because the file to be deleted is obtained via $_GET['file'], an attacker can delete database files backed up by the administrator...
SweetRice Backup Information Disclosure Vulnerability
SweetRice CMS is an open source web content management system (CMS). The system provides search engine optimization and other features. SweetRice version 1.5.1 suffers from a backup information disclosure vulnerability, which can be exploited by an attacker to obtain database and website backup...
Debian DLA-390-1 : dbconfig-common security update
It was discovered that dbconfig-common could, depending on the local umask, make PostgreSQL database backups that were readable by other users than the database owner. The issue is fixed in version 1.8.46+squeeze.1. Access rights to existing database backups not only for PostgreSQL will be limite...
XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities
No description provided by source. Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
WordPress XCloner Plugin <= 3.1.1 - Multiple Vulnerabilities
There are multiple vulnerabilities in this plugin, such as arbitrary command execution, clear text MySQL password exposure through html text box under configuration panel, MySQL password exposed to process table, database backups exposed to local users due to open file permissions, authenticated...
osCSS 1.2.1 - Database Backups Disclosure
No description provided by source...
MyBB < 1.6.10 Multiple Vulnerabilities
According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities: - A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. - A SQL injection vulnerability exists due to improp...
Improper access control
Artiphp CMS 5.5.0 Neo r422 stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2012-2905
Artiphp CMS 5.5.0 Neo r422 stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2012-2905
CVE-2012-2905 affects Artiphp CMS 5.5.0 Neo (r422), where database backups are stored with predictable names under the web root due to insufficient access control. This information exposure enables remote attackers to obtain sensitive data via direct requests. The primary impact is confidential d...
Backups Pane Object Not Found
Challenge: You receive an error stating "Object 'GUID' was not found" when going into the Backups Pane. Cause: The object it is looking for is no longer in the database, and the backups that are causing the error need to be removed from the database. Solution: Run the following PowerShell script by...
GlobalSign Investigation Continues, Some CA Services to Return Monday
UPDATE: A day after suspending the issuance of SSL certificates while it investigates claims that its certificate authority infrastructure was compromised, GlobalSign said that the investigation is still ongoing but that it planned to begin bringing some of its services back online on Monday...
DigiNotar Hacker Says He Has GlobalSign Database Backups, Other Data
As GlobalSign continues the investigation into the claimed compromise of its CA infrastructure, the attacker who says he breached DigiNotar and Comodo said in another message on Pastebin Wednesday that not only did he hack GlobalSign, but he has the private key used to sign the certificate for th...
CVE-2010-2467
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
CVE-2010-2466
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full.dar files with predictable filenames...
Default credentials
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
CVE-2010-2467
CVE-2010-2467 affects the S2 Security NetBox (likely 2.x–3.x) used in Linear eMerge 50/5000 and Sonitrol eAccess. The FTP server storing database backups does not require a password, enabling remote download of backups via FTP requests. Exploitation details are not provided in the connected docum...
CVE-2010-2466
CVE-2010-2466 affects S2 NetBox (used in Linear eMerge and Sonitrol eAccess). The vulnerability allows remote attackers to obtain sensitive data by requesting full_*.dar database backups due to insufficient access protection and predictable backup filenames. Affected NetBox versions include 2.x/3...