39 matches found
EUVD-2019-2266
Malware in sbrugna...
EUVD-2019-2267
Malware in sbrugna...
EUVD-2019-2268
Malware in sbrugna...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
CVE-2019-10266
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...
CVE-2019-10265
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to for example "C:" then one can browse the whole server...
CVE-2019-10263
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account...
CVE-2019-10267
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...
Ahsay Systems Cloud Backup Suite 参数注入漏洞
Ahsay Systems Cloud Backup Suite is a centralized cloud backup solution from Ahsay Systems in Hong Kong, China. The product supports features such as database backup and physical server backup. A parameter injection vulnerability exists in Ahsay Systems Cloud Backup Suite version 9.1.4.0. An...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
Design/Logic Flaw
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
Ahsay Systems Cloud Backup Suite Path Traversal Vulnerability
Ahsay Systems Cloud Backup Suite is a cloud-based backup software suite from Ahsay Systems. A path traversal vulnerability exists in the File Explorer page in /cbs/system/ShowAdvanced.do in Ahsay Systems Cloud Backup Suite versions prior to 8.1.1.50. The vulnerability stems from a failure of a...
Ahsay Systems Cloud Backup Suite Cross-Site Scripting Vulnerability
Ahsay Systems Cloud Backup Suite is a cloud-based backup software suite from Ahsay Systems. A cross-site scripting vulnerability exists in the Alias field in Ahsay Systems Cloud Backup Suite versions prior to 8.1.1.50. The vulnerability stems from a lack of proper validation of client data by the...
Ahsay Systems Cloud Backup Suite Information Disclosure Vulnerability
Ahsay Systems Cloud Backup Suite is a cloud-based backup software suite from Ahsay Systems. An information disclosure vulnerability exists in Ahsay Systems Cloud Backup Suite versions prior to 8.1.1.50. The vulnerability stems from an error in configuration, etc. in the operation of a networked...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
CVE-2019-10265
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to for example "C:" then one can browse the whole server...