Microsoft OneDrive Path Traversal Vulnerability
Microsoft OneDrive is a cloud backup application from Microsoft USA. The program features automatic backup of photo albums, online office and file sharing. A path traversal vulnerability exists in Microsoft OneDrive for Android. An attacker can exploit the vulnerability to elevate privileges...
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access o...
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that...
SonicWall Says All Firewall Backups Were Accessed by Hackers
SonicWall has confirmed that attackers accessed cloud backup configuration files for all customers using its backup service, exposing encrypted credentials and network configurations...
EUVD-2019-2268
Malware in sbrugna...
EUVD-2019-2267
Malware in sbrugna...
EUVD-2019-2266
Malware in sbrugna...
EUVD-2022-6370
Malicious code in bioql PyPI...
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat...
Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them
Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, t...
Hewlett Packard Enterprise StoreOnce Command Injection Vulnerability
Hewlett Packard Enterprise StoreOnce is a cloud backup data protection system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise StoreOnce that stems from a command injection that could lead to remote code execution...
Hewlett Packard Enterprise StoreOnce Command Injection Vulnerability
Hewlett Packard Enterprise StoreOnce is a cloud backup data protection system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise StoreOnce that stems from a command injection that could lead to remote code execution...
Hewlett Packard Enterprise StoreOnce Authorization Issue Vulnerability
Hewlett Packard Enterprise StoreOnce is a cloud backup data protection system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise StoreOnce that stems from an authentication bypass...
CVE-2022-36917
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup...
CVE-2022-36916
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup...
CVE-2020-5846
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
CVE-2019-10266
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...
CVE-2019-10265
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to, for example, "C:", then one can browse the whole server...
CVE-2019-10263
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account...