CVE-2023-41786 Database backups availability by low-privileged users

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772...

PT-2023-8737 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 772 Description: The issue is related to the exposure of sensitive information to unauthorized actors, allowing users with low privileges to download database backups. This can be exploited by a remote attacke...

Artica Pandora FMS Security Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS versions 700 through 772, which stems from a sensitive information...

DEBIAN-CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

UBUNTU-CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes

Impact When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be...

PT-2023-27911 · Synapse +2 · Synapse +2

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.93.0 Description: The issue concerns the temporary storage of user passwords in the server database when users update their credentials. Although this does not grant the server any additional capabilities, it...

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages. What's more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunc...

Information disclosure

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...

iFAX AvantFAX 信息泄露漏洞

iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from an information disclosure vulnerability where backups of...

Tecnick.com TCExam 信息泄露漏洞

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams, among other things. TCExam suffers from an information disclosure vulnerability that stems from an access restriction error in the default settings. A remote attacker...

WordPress Database Backups 1.2.2.6 Plugin - (Database Backup Download) CSRF Vulnerability

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and download databa...

WordPress Database Backups 1.2.2.6 Cross Site Request Forgery

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...

WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...

CVE-2021-24174

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

CVE-2021-24174

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

CVE-2021-24172

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...

Cross site request forgery (csrf)

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

CVE-2021-24174

The CVE-2021-24174 affects the WordPress Database Backups plugin up to version 1.2.2.6. It lacks CSRF checks, enabling an authenticated attacker to induce a logged-in user to perform actions such as generating database backups, changing plugin settings, or deleting backups. The root cause is CSRF...

CVE-2021-24174 Database Backups <= 1.2.2.6 - CSRF to Backup Download

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...