61 matches found
EUVD-2019-2268
Malware in sbrugna...
EUVD-2020-27000
Malware in sbrugna...
EUVD-2019-2267
Malware in sbrugna...
EUVD-2019-2266
Malware in sbrugna...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
CVE-2019-10266
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...
CVE-2019-10265
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to for example "C:" then one can browse the whole server...
CVE-2019-10263
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account...
CVE-2019-10267
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...
Ahsay Cloud Backup Solutions Command Injection (CVE-2022-37027)
A command injection vulnerability exists in Ahsay Cloud Backup Solutions. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-37027
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and...
CVE-2022-37027
This CVE affects Ahsay AhsayCBS 9.1.4.0. An authenticated system user who can modify the Runtime Options in the web interface can inject arbitrary Java JVM options, which take effect after a restart. In the documented scenario, this can enable JMX services and lead to remote code execution as the...
Ahsay Systems Cloud Backup Suite 参数注入漏洞
Ahsay Systems Cloud Backup Suite is a centralized cloud backup solution from Ahsay Systems in Hong Kong, China. The product supports features such as database backup and physical server backup. A parameter injection vulnerability exists in Ahsay Systems Cloud Backup Suite version 9.1.4.0. An...
PT-2022-23761 · Ahsay · Ahsaycbs
Name of the Vulnerable Software and Affected Versions: Ahsay AhsayCBS version 9.1.4.0 Description: The issue allows an authenticated system user to inject arbitrary Java JVM options. Administrators with the ability to modify the Runtime Options in the web interface can inject Java Runtime Options...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
Design/Logic Flaw
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2020-5846
The CVE-2020-5846 issue affects Ahsay Cloud Backup Suite 8.3.0.30. It describes an insecure file upload via PUT /obs/obm7/file/upload, where a base64-encoded pathname is supplied in the X-RSW-custom-encode-path header and the file contents in the request body. This allows uploading a file into an...