29 matches found
CVE-2018-25437
CVE-2018-25437 concerns WordPress CherryFramework Themes 3.1.4, where an information disclosure vulnerability lets unauthenticated attackers download sensitive backup files via download_backup.php in admin/data_management, exposing the entire wp-content/themes directory. According to the provided...
EUVD-2018-21959
WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...
EUVD-2016-10888
WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...
PT-2026-49214
WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...
CVE-2026-7257
UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...
EUVD-2026-33396
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes...
PT-2026-44928
Name of the Vulnerable Software and Affected Versions Danelec MacGregor Voyage Data Recorder affected versions not specified Description An authenticated user can download a backup of the device, which contains account data and password hashes. Recommendations At the moment, there is no informati...
EUVD-2026-29377
UNSUPPORTED WHEN ASSIGNED An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file...
EUVD-2024-55036
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...
HuiJieTong Cloud Video Platform 安全漏洞
HuiJieTong Cloud Video Platform is a cloud video platform from China-based HuiJieTong. A security vulnerability exists in HuiJieTong Cloud Video Platform, which can be exploited by an unauthenticated attacker to provide an arbitrary file path to the fullPath parameter of the...
Directory traversal
Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the downloadbackup.php component...
flusity CMS Security Vulnerability
flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version v.2.4, which stems from a path traversal vulnerability in the component downloadbackup.php...
Delinea Secret Server Security Vulnerability
Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server versions v10.9.000002 and v11.4.000002, which originates from allowing an authenticated user with administrative privileges to create a backup file in the...
Zstore 6.5.4 Database Disclosure
==================================================================================================================================== | Title : Zstore version 6.5.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit ...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
Roteador Wireless Intelbras WRN150 Authentication Bypass
Exploit Title: Autentication Bypass/Config file download - INTELBRAS WRN150 Date: 28/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150 Mbps - WRN 150 Tested on: kali linux, windows 7, 8.1, 10 For more info:...
Wordpress BackWPup Plugin File Download Vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.BackWPup is one of the automatic backup plugin. A security vulnerability exists in versions of the Wordpress BackWPup...
Kasseler CMS 2.0.5 - Bypass / Download Backup Vulnerability
No description provided by source...
CitusCMS 0.6 Backup Disclosure
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...
CitusCMS <= 0.6 Download Backup Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...