Exploit for Command Injection in Veeam Veeam_Backup_\&_Replication

Affected Software: PostgreSQL 15.x before 15.7, 16.x before 16...

CVE-2025-9573

The nsbackup extension through 13.0.2 for TYPO3 allows command injection...

CVE-2025-9573

The CVE-2025-9573 entry concerns TYPO3 ns_backup (ns-backup) extension versions up to 13.0.2, where a command injection flaw exists in the generateBackup function. The root cause is improper handling of input that leads to arbitrary command execution when an administrator uses the extension’s bac...

PT-2025-35546

Name of the Vulnerable Software and Affected Versions: TYPO3 ns backup extension versions through 13.0.2 Description: The ns backup extension for TYPO3 allows command injection. Recommendations: Update to a version beyond 13.0.2...

CVE-2025-48206

The nsbackup extension through 13.0.0 for TYPO3 allows XSS...

The Backup Plus extension for TYPO3 (ns_backup) allows command injections

The nsbackup extension through 13.0.0 for TYPO3 allows command injection when creating a backup. An authenticated backend user with access to the extensions backend module is required to exploit the vulnerability...

Command Injection

Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc.. Affected versions of this package are vulnerable to...

PT-2025-22375

Name of the Vulnerable Software and Affected Versions TYPO3 ns backup extension versions prior to 13.0.1 Description The issue allows for XSS. Recommendations For versions prior to 13.0.1, update to version 13.0.1 or later to resolve the issue...

PT-2025-22370

Name of the Vulnerable Software and Affected Versions ns backup extension for TYPO3 version 13.0.0 and earlier Description The issue concerns a Predictable Resource Location in the ns backup extension for TYPO3. This allows an unauthenticated remote user to download created backups and...

CVE-2024-8767

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 619, Acronis Backup extension for Plesk Linux before build 555, Acronis Backup plugin for DirectAdmin Linux before...

fuzzdb-collect

This repository appears to be a collection of files related to filename bruteforce attacks. The files are in a format that suggests they are used for testing or fuzzing purposes. The Extensions.Backup.fuzz.txt file contains a...