Lucene search
K

39 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-2266

Malware in sbrugna...

6.1CVSS6.4AI score0.00826EPSS
Exploits5References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2267

Malware in sbrugna...

7.2CVSS7AI score0.01335EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-2268

Malware in sbrugna...

7.8CVSS7.6AI score0.02501EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 p.m.15 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

8.8CVSS7.4AI score0.01399EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 a.m.7 views

CVE-2019-10264

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...

7.2CVSS6.9AI score0.01335EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:45 a.m.6 views

CVE-2019-10266

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...

7.8CVSS6.7AI score0.13301EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:14 a.m.8 views

CVE-2019-10265

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to for example "C:" then one can browse the whole server...

7.8CVSS6.8AI score0.02501EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 a.m.6 views

CVE-2019-10263

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account...

6.1CVSS5.9AI score0.00826EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.6 views

CVE-2019-10267

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...

9CVSS7.4AI score0.75171EPSS
Exploits10References1
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.4 views

Ahsay Systems Cloud Backup Suite 参数注入漏洞

Ahsay Systems Cloud Backup Suite is a centralized cloud backup solution from Ahsay Systems in Hong Kong, China. The product supports features such as database backup and physical server backup. A parameter injection vulnerability exists in Ahsay Systems Cloud Backup Suite version 9.1.4.0. An...

7.2CVSS7.2AI score0.21732EPSS
Exploits1References6
OSV
OSV
added 2020/01/06 9:15 p.m.4 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

8.8CVSS7.7AI score0.01399EPSS
Exploits1References1
NVD
NVD
added 2020/01/06 9:15 p.m.26 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

8.8CVSS8.7AI score0.01399EPSS
Exploits1References1
Prion
Prion
added 2020/01/06 9:15 p.m.13 views

Design/Logic Flaw

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

4CVSS8.7AI score0.01399EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/01/06 8:11 p.m.27 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

8.8AI score0.01399EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/30 12:0 a.m.3 views

Ahsay Systems Cloud Backup Suite Path Traversal Vulnerability

Ahsay Systems Cloud Backup Suite is a cloud-based backup software suite from Ahsay Systems. A path traversal vulnerability exists in the File Explorer page in /cbs/system/ShowAdvanced.do in Ahsay Systems Cloud Backup Suite versions prior to 8.1.1.50. The vulnerability stems from a failure of a...

7.8CVSS6.8AI score0.02501EPSS
Exploits1References1
CNVD
CNVD
added 2019/07/30 12:0 a.m.3 views

Ahsay Systems Cloud Backup Suite Cross-Site Scripting Vulnerability

Ahsay Systems Cloud Backup Suite is a cloud-based backup software suite from Ahsay Systems. A cross-site scripting vulnerability exists in the Alias field in Ahsay Systems Cloud Backup Suite versions prior to 8.1.1.50. The vulnerability stems from a lack of proper validation of client data by the...

6.1CVSS6.3AI score0.00826EPSS
Exploits5References1
CNVD
CNVD
added 2019/07/29 12:0 a.m.2 views

Ahsay Systems Cloud Backup Suite Information Disclosure Vulnerability

Ahsay Systems Cloud Backup Suite is a cloud-based backup software suite from Ahsay Systems. An information disclosure vulnerability exists in Ahsay Systems Cloud Backup Suite versions prior to 8.1.1.50. The vulnerability stems from an error in configuration, etc. in the operation of a networked...

7.8CVSS6.1AI score0.13301EPSS
Exploits4References1
OSV
OSV
added 2019/07/26 9:15 p.m.4 views

CVE-2019-10264

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...

7.2CVSS7.1AI score0.01335EPSS
Exploits1References1
NVD
NVD
added 2019/07/26 9:15 p.m.21 views

CVE-2019-10264

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...

7.2CVSS6.9AI score0.01335EPSS
Exploits1References1
NVD
NVD
added 2019/07/26 9:15 p.m.21 views

CVE-2019-10265

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to for example "C:" then one can browse the whole server...

7.8CVSS7.5AI score0.02501EPSS
Exploits1References1
Rows per page
Query Builder