19 matches found
CVE-2020-37082 webERP 4.15.1 - Unauthenticated Backup File Access
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backuptimestamp.sql.gz file...
CVE-2019-16155
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through a system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Furthermore...
CVE-2022-47732
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash, which, once cracked, allows logging in to the Configuration Panel, or otherwise replacing the hash in the archive and restoring it on the device which...
CVE-2017-18391
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323)...
PT-2024-10772 · Epson +1 · Epson Products +1
Name of the Vulnerable Software and Affected Versions: Siime Eye version 14.1.00000001.3.330.0.0.3.14 Description: An issue was discovered in Siime Eye where information on all users, including passwords, can be found in cleartext in a backup file created through the web interface. An attacker...
CVE-2024-20280
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
CVE-2024-22988
ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp...
PT-2023-25454 · Intelbras · Intelbras Switch Sg 2404 Mr
Name of the Vulnerable Software and Affected Versions: Intelbras Switch SG 2404 MR version 1.00.54 Description: The issue is related to an authentication bypass that allows an unauthenticated attacker to download the device's backup file, exposing critical configuration information...
PT-2022-25402 · Tp Link · Tp Link Archer Ax10
Name of the Vulnerable Software and Affected Versions: TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 574505553 Description: The issue allows authenticated attackers to execute arbitrary code via a crafted backup file. Recommendations: For TP Link Archer AX10 V1 Firmware Versio...
Backup File Download Vulnerability in Yunyou CMS
CloudYou CMS is a free + open source urban substation content management system based on TP5.0 framework as the core development. CloudYou CMS has a backup file download vulnerability that can be exploited by attackers to download backup files and obtain sensitive information...
webERP 4.15.1 Backup Disclosure
Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...
webERP 4.15.1 - Unauthenticated Backup File Access Vulnerability
Exploit for php platform in category web applications Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...
webERP 4.15.1 - Unauthenticated Backup File Access
Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...
Technicolor TC7200 Modem / Router STD6.02.11 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications. Technicolor TC7200 modem/router multiple vulnerabilities. Platforms / Firmware confirmed affected: - Technicolor TC7200, STD6.02.11 - Product page:...
Thomson Wireless VoIP Cable Modem Auth Bypass
No description provided by source. Exploit Title: Thomson Wireless VoIP Cable Modem Auth Bypass Date: February 22, 2011 Authors: Glafkos Charalambous, George Nicolaou Product: TWG850-4 Wireless VoIP Cable Modem Software Version: ST9A.01.06 Severity: High Other Vulnerabilities: Unauthenticated...
Thomson Wireless VoIP Cable Modem Authentication Bypass
Exploit Title: Thomson Wireless VoIP Cable Modem Auth Bypass Date: February 22, 2011 Authors: Glafkos Charalambous, George Nicolaou Product: TWG850-4 Wireless VoIP Cable Modem Software Version: ST9A.01.06 Severity: High Other Vulnerabilities: Unauthenticated Backup File Access, Plaintext Protocol...
pafaq.pl.txt
!/usr/bin/perl -w paFaq 1.0 Add Administrator PoC // By James // http://www.gulftech.org use LWP::UserAgent; Set up the LWP User Agent $ua = new LWP::UserAgent; $ua-agent"paFaq Hash Grabber v1.0"; if !$ARGV0 print "Usage : pafaq.pl http://path/to/pafaq"; exit; my $keytime = time; my $dbmpath =...
Debian DSA-230-1 : bugzilla - insecure permissions, spurious backup files
Two vulnerabilities have been discovered in Bugzilla, a web-based bug tracking system, by its authors. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : CAN-2003-0012 BugTraq ID 6502 The provided data collection script intended to be run as a nightly cron...
[SECURITY] [DSA 230-1] New bugzilla packages fix unauthorized data modification
Debian Security Advisory DSA 230-1 [email protected] http://www.debian.org/security/ Martin Schulze January 16th, 2003 http://www.debian.org/security/faq -...