16 matches found
EUVD-2019-6656
Malware in sbrugna...
CVE-2019-15720
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...
CVE-2022-0833
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file...
no back up action if price oracle fails
Lines of code Vulnerability details Impact In ThecosomataETH.sol the calculateAmountRequiredForLP function makes calculations based on the price fetched from a curvepool oracle. There is no back up action if the price returned is 0 or if the oracle fails. This could result in false calculations i...
CVE-2019-15720
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...
CVE-2019-15720
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...
Design/Logic Flaw
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...
CVE-2019-15720
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
WordPress Backup plugin Ready! Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Ready! Backup Arbitrary File Download Vulnerability . Google Dork: inurl:/wp-content/upready/ . Date: 10-09-2014 . Author: Pro Mast3r . Author E-mail : email protected Category: webapps platform: php Vendor:...
Multiple Cross-site Scripting (XSS) Vulnerabilities in Spitfire
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Spitfire which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Spitfire 1.1 The vulnerability exists due to input sanitation error in the "cmsid" and...
Design/Logic Flaw
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATHINFO to the CMDDB script during a backup action...
CVE-2009-1526
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATHINFO to the CMDDB script during a backup action...
PT-2009-4023
Name of the Vulnerable Software and Affected Versions: JBMC Software DirectAdmin versions prior to 1.334 Description: The issue allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory. This is related to a request for this...