13 matches found
CVE-2026-27965
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...
PT-2025-50507
Name of the Vulnerable Software and Affected Versions: SpinetiX Fusion Digital Signage versions 3.4.8 and lower Description: The software contains an authenticated path traversal flaw. This allows attackers to manipulate file backup and deletion operations using unverified input parameters...
EUVD-2016-2600
Malware in sbrugna...
EUVD-2024-37268
Malicious code in bioql PyPI...
CVE-2020-36248
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive...
CVE-2024-43656 A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the fil...
CVE-2024-43656
CVE-2024-43656 affects Iocharger firmware for AC model chargers prior to 24120701. The vulnerability arises from improper neutralization of special elements leading to OS command injection as root when a backup is manipulated and restored, allowing an attacker to create arbitrary files and ultima...
IBM Storage Protect License Issue Vulnerability
IBM Storage Protect (IBM Spectrum Protect) is backup software from International Business Machines (IBM). It provides comprehensive data disaster recovery capabilities for physical file servers, virtual environments, and various applications. An authorization issue vulnerability exists in IBM...
PT-2019-15379 · Xiaomi · Xiaomi Mi Wifi R3G
Name of the Vulnerable Software and Affected Versions: Xiaomi Mi WiFi R3G versions prior to 2.28.23-stable Description: An issue was discovered where the backup file in tar.gz format can be manipulated to control the contents of the decompressed directory. Additionally, a command injection...
Arq 5.10 Local Privilege Escalation
!/usr/bin/env ruby Arq USE AT YOUR OWN RISK - THIS WILL OVERWRITE THE ROOT USER'S CRONTAB! $binarytarget = "/tmp/arq510exp" class Arq510PrivEsc def initializeargs @payloadfile = ".arq510exppayload" @hmacfile = ENV"HOME" + "/.arq510exphmac" @backupfile = ENV"HOME" + "/" + @payloadfile @target =...
Authentication flaw
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors...
Artiphp CMS 5.5.0 database backup disclosure Exploit
<?php /* Artiphp CMS 5.5.0 Database Backup Disclosure Exploit Author: Artiphp www.2cto.com http://www.artiphp.com Affected version: 5.5.0 Neo r422 Summary: Artiphp is a content management system (CMS), open and free, to create and manage your website. Description: Artiphp stores database backups using...