25 matches found
CVE-2026-9508
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
CVE-2026-9508
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
EUVD-2026-33282
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
VulnCheck KEV: CVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
CVE-2021-47757
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server...
CVE-2021-47757 Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server...
CVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the Backup ZipSlip. An attacker can create or overwrite files in arbitrary locations within the application's privilege scope by inserting data entries with absolute paths or parent directory traversal sequences...
EUVD-2025-18177
Malicious code in bioql PyPI...
EUVD-2023-41952
Malicious code in bioql PyPI...
CVE-2025-49199
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable...
SICK Field Analytics和SICK Media Server 数据伪造问题漏洞
SICK Field Analytics and SICK Media Server are both products of SICK GmbH, Germany.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from an unsigned back...
CVE-2023-38126
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...
CVE-2023-38126
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...
CVE-2023-38126
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...
Remote code execution
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...
CVE-2023-38126 Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...
PT-2023-26311 · Softing · Softing Edgeaggregator
Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this issue. The specif...
(0Day) (Pwn2Own) Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper...