1288 matches found
CVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
UBUNTU-CVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
CVE-2025-68462
CVE-2025-68462 affects Freedombox prior to 25.17.1. The vulnerability arises from improper permissions on the backups-data directory, which can allow reading of database dump files stored there. The CVSS baseline indicates a local attack with high complexity and no privileges required, yielding a...
CVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
CVE-2025-68462
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases...
PT-2025-51993
Name of the Vulnerable Software and Affected Versions Freedombox versions prior to 25.17.1 Description Freedombox versions prior to 25.17.1 do not establish appropriate permissions for the backups-data directory. This allows unauthorized access to database dump files. Recommendations Update to...
Linux Distros Unpatched Vulnerability : CVE-2025-68462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. CVE-2025-68462 Note...
📄 GetSimple CMS 3.3.16 Cross Site Request Forgery
GetSimple CMS version 3.3.16 cross site request forgery proof of concept that deletes all backups without user confirmation. ============================================================================================================================================= | Title : GetSimple CMS 3.3.16...
EUVD-2025-203201
The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.4 through publicly exposed cookies.txt files containing authentication cookies. This makes it possible for unauthenticated attackers to cookies th...
CVE-2025-11693
CVE-2025-11693 affects the WordPress plugin “Export WP Page to Static HTML & PDF” (versions up to 4.3.4). It exposes authentication cookies via a publicly accessible cookies.txt log file, potentially leaking cookies injected during backups triggered by high-privilege roles (e.g., administrator). ...
PT-2025-51053
Name of the Vulnerable Software and Affected Versions Export WP Page to Static HTML & PDF plugin for WordPress versions up to and including 4.3.4 Description The software is susceptible to sensitive information exposure due to publicly exposed cookies.txt files containing authentication cookies...
CVE-2023-53739
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
CVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
CVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 has an unauthenticated information disclosure vulnerability in the database backup directory. The /content/files/backups/ endpoint can be accessed to download sensitive backup files containing user credentials and system information. Exploitation details are ...
PT-2025-50511
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...
EUVD-2023-60177
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...
CVE-2023-53739
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...