Acronis: Potential XSS Vulnerability in Acronis Login Callback URL
The Acronis login callback URL was found to be vulnerable to cross-site scripting (XSS) attacks. The redirectUrl parameter in the URL was not properly sanitized, allowing an attacker to inject arbitrary JavaScript code. This could have been exploited to steal user session cookies...
Acronis: Bypassing Recaptcha Protection in `https://connect.acronis.com`
The Recaptcha token was not properly validated in the registration process of the website https://connect.acronis.com. The same token could be reused to create multiple user accounts, bypassing the Recaptcha protection...
Acronis: Subdomain takeover of main domain of https://www.cyberlynx.lu/
Summary: Hi Acronis Security Team, hope you are well. I found one of your subdomains, which is www.cyberlynx.lu. One of your acquisitions is pointing towards: www.cyberlynx.lu canonical name = www118.wixdns.net. www118.wixdns.net canonical name = balancer.wixdns.net. balancer.wixdns.net canonical name =...
Acronis: Local Privilege Escalation in anti_ransomware_service.exe via quarantine
anti_ransomware_service.exe includes functionality to quarantine files, which copies the suspected ransomware file from one directory to another using SYSTEM privileges. As any unprivileged user has write permissions in the quarantine folder, it is possible to control this privileged write with...