33 matches found
CVE-2023-27532
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts...
CVE-2024-13911 Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level acces...
CVE-2025-24104
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files...
BIT-DISCOURSE-2024-53991 Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
A CISOs Practical Guide to Storage and Backup Ransomware Resiliency
One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-29330
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors...
CVE-2020-35658
CVE-2020-35658 affects SpamTitan before version 7.09. The vulnerability arises because backups are not encrypted, enabling attackers to tamper with backups and potentially impact data integrity. The NVD entry lists CVSS v2 base score 5.0 (MEDIUM) with network access, low attack complexity, and pa...
Privilege escalation
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup...
CVE-2015-9230
The CVE-2015-9230 entry relates to the BulletProof Security WordPress plugin. Affected component: admin/db-backup-security/db-backup-security.php. Root cause: cross-site scripting (XSS) vulnerability via the DBTablePrefix parameter in plugin versions prior to 0.52.5, exploitable by remote authent...
FAQ: Cloud backup of XenMobile managed devices
Is the Worx data encrypted within the backup? If so what is the encryption level? Yes, as Xenmobile uses the iCloud services from Apple for backing up the data: iCloud secures your data by encrypting it when it's sent over the Internet, storing it in an encrypted format when kept on server review...
Edimax 7205APL
Vendor: Edimax Type: 7205APL Firmware: 2.40a-00 Kind of bug: Security Description: Normally a user called addmin, has to create a password on the Accesspoint. When you create a back-up of the settings of your Accesspoint, it will result in a config.bin file. Opening the file in Notepad gave the...
CVE-2001-0067
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set...