EUVD-2026-13158
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a command injection vulnerability in the backup functionality that can be exploited by authenticated attackers. The vulnerability exists due to insufficient...
PT-2026-26288
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0.2 Description: OpenEMR is a free and open source electronic health records and medical practice management application. A command injection issue exists in the backup functionality due to insufficient input...
Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE
Summary: 1. There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. 2. Additionally, there is a Command Injection vulnerability in GET /admin/backup. Th...
GHSA-CR3W-CW5W-H3FJ Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE
Summary: 1. There is a reflected XSS vulnerability in the GET /admin/edit-codepage/:name route through the name parameter. This can be used to hijack the session of an admin if they click a specially crafted link. 2. Additionally, there is a Command Injection vulnerability in GET /admin/backup. Th...
MiracleLinux 7 : rh-mysql56-mysql-5.6.37-5.el7 (AXSA:2017-2301:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2301:01 advisory. An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote...
USN-6245-1: Trove vulnerabilities
Adam Bell discovered that Trove incorrectly handled arguments to the backup command. A remote attacker could possibly use this issue to execute arbitrary code...
USN-6245-1 openstack-trove vulnerabilities
Adam Bell discovered that Trove incorrectly handled arguments to the backup command. A remote attacker could possibly use this issue to execute arbitrary code...
PT-2023-36317 · Trove · Trove
Name of the Vulnerable Software and Affected Versions: Trove affected versions not specified Description: The issue is related to the incorrect handling of arguments to the backup command by Trove. A remote attacker could possibly use this issue to execute arbitrary code. Recommendations: At the...
In search of the Triangulation: triangle_check utility
In our initial blogpost about "Operation Triangulation", we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we...
UBUNTU-CVE-2020-11060
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
CVE-2014-5158
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors...
Command injection
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors...
AlienVault OSSIM backup Command Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ossim-framework service. The issue lies in the handling of the backup command due...
Microsoft SQL Server Backup Restoring Memory Corruption (MS08-040; CVE-2008-0107)
Microsoft SQL Server is a relational database management system (RDBMS). Microsoft SQL Server uses Transact-SQL (T-SQL), a proprietary extension to Structured Query Language (SQL), for querying and modifying data and managing databases. SQL Server can be remotely accessed via the Tabular Data Stream (TDS)...