1288 matches found
The vulnerability of the Backup Plus (ns_backup) extension of the TYPO3 content management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Backup Plus nsbackup extension of the TYPO3 content management system is related to errors in the access control for saved backup files and configurations. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2024-47948
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups...
CVE-2024-5264
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis...
CVE-2024-29965
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface "SSH". The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the...
CVE-2023-28630
GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...
CVE-2023-23327
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls...
CVE-2023-5504
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
CVE-2022-29839
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Clou...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-24172
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...
CVE-2021-37401
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...
CVE-2021-20114
When installed following the default/recommended settings, TCExam = 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files...
CVE-2021-24174
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...
CVE-2021-24173
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...
CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
CVE-2018-20909
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups SEC-338...
CVE-2017-18390
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups SEC-322...
Direct Request ('Forced Browsing')
Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc.. Affected versions of this package are vulnerable to Dire...
PT-2025-22370
Name of the Vulnerable Software and Affected Versions ns backup extension for TYPO3 version 13.0.0 and earlier Description The issue concerns a Predictable Resource Location in the ns backup extension for TYPO3. This allows an unauthenticated remote user to download created backups and...
Using Veeam Agents with HPE VM Essentials
Article Aplicability This article was created before the release of the Veeam Plug-In for HPE Morpheus VM Essentials. Its content reflects an alternative solution that was available before the direct integration of HPE Morpheus VM Essentials management as a virtual environment in Veeam Backup &...