21 matches found
CVE-2025-59785 API - Insufficient Input Validation
Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...
CVE-2025-59785
CVE-2025-59785 involves improper validation of an API end-point in 2N Access Commander v3.4.2 and earlier. The vulnerability allows an attacker who has administrator privileges to bypass the password policy used for encrypting backup files. The issue is tied to insufficient input validation on th...
Cross-site Scripting (XSS)
Overview: @saltcorn/server is a server app for Saltcorn, an open-source no-code platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) and code execution, via the name parameter on the /admin/edit-codepage endpoint and improper handling of backup password input to the...
CVE-2025-47900 RCE on backup configuration password
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection. This issue affects Time Provider 4100: before 2.5...
CVE-2025-47900
CVE-2025-47900 is an OS command injection in Microchip Time Provider 4100 prior to version 2.5. Root cause: improper neutralization of special elements used in OS commands. Impact: potential remote command execution with high severity; affected product is Time Provider 4100. Remediation: upgrade...
EUVD-2013-1463
Malware in sbrugna...
EUVD-2023-31186
Malicious code in bioql PyPI...
CVE-2023-5775
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
CVE-2021-3473
An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...
CVE-2023-6287 Backup password in GET parameter
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files...
CVE-2023-27410
A vulnerability has been identified in SCALANCE LPE9403 All versions V2.1. A heap-based buffer overflow vulnerability was found in the edgeboxwebapp binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker t...
Heap overflow
A vulnerability has been identified in SCALANCE LPE9403 All versions V2.1. A heap-based buffer overflow vulnerability was found in the edgeboxwebapp binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker t...
PT-2023-21099 · Siemens · Scalance Lpe9403
Name of the Vulnerable Software and Affected Versions: SCALANCE LPE9403 versions prior to V2.1. Description: A heap-based buffer overflow issue was found in the edgebox web app binary. This occurs when a backup password longer than 255 characters is supplied, causing the binary to crash. An...
Nextcloud Security Feature Issue Vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from a security signature issue vulnerability that stems from the weak complexity of the backup password generated when creating a share,...
CVE-2020-12595
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4...
CVE-2013-1425
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions...
Huawei Backup App Session Vulnerability
Huawei Backup App is a cell phone file backup tool. A session vulnerability exists in Huawei Backup App, which allows a local attacker to reset the password of the backup encrypted area to access the backup files and restore or copy them...
Apple iOS iOS Backup Password Reset Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS has a security vulnerability that allows physically accessible local users to be able to reset passwords for failed iOS backup attempts...