Lucene search
K

100 matches found

Prion
Prion
added 2019/07/26 9:15 p.m.15 views

Authentication flaw

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...

7.8CVSS7.3AI score0.13301EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2019/07/26 8:53 p.m.39 views

CVE-2019-10267

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...

8.9AI score0.75171EPSS
Exploits10References3
CVE
CVE
added 2019/07/26 8:53 p.m.394 views

CVE-2019-10267

CVE-2019-10267 affects Ahsay Cloud Backup Suite 8.1.0.50 . The vulnerability is an insecure file upload that allows placing a file in any server directory; an attacker can upload a JSP shell to the web root and execute it, resulting in full access to the system under the configured user (e.g., Ad...

9CVSS8.8AI score0.75171EPSS
Exploits10References3Affected Software1
CVE
CVE
added 2019/07/26 8:51 p.m.376 views

CVE-2019-10266

Affected product: Ahsay Cloud Backup Suite prior to 8.1.1.50. Issue: unauthenticated, out-of-bounds XML input can trigger XML External Entity (XXE) processing, enabling an attacker to read file structures and contents from the server. Root cause: improper handling of XML input leading to informat...

7.8CVSS7.3AI score0.13301EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2019/07/26 8:51 p.m.39 views

CVE-2019-10266

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...

7.4AI score0.13301EPSS
Exploits4References2
Cvelist
Cvelist
added 2019/07/26 8:49 p.m.22 views

CVE-2019-10265

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to for example "C:" then one can browse the whole server...

7.5AI score0.02501EPSS
Exploits1References1
CVE
CVE
added 2019/07/26 8:49 p.m.338 views

CVE-2019-10265

CVE-2019-10265 affects Ahsay Cloud Backup Suite prior to 8.1.1.50. The vulnerability exists on the /cbs/system/ShowAdvanced.do “File Explorer” screen, where input in the JavaScript code can change the directory to an arbitrary path (e.g., C:), enabling an attacker to browse the server filesystem....

7.8CVSS7.4AI score0.02501EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/07/26 8:46 p.m.345 views

CVE-2019-10264

The affected product is Ahsay Cloud Backup Suite prior to 8.1.1.50. With a valid administrator account, the Move / Import / Export Users screen’s Import Users option accepts a ZIP archive containing a users.xml file, which can trigger an XML External Entity (XXE) vulnerability. This impacts multi...

7.2CVSS6.9AI score0.01335EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/26 8:46 p.m.22 views

CVE-2019-10264

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...

7AI score0.01335EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/07/26 8:44 p.m.25 views

CVE-2019-10263

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account...

6.2AI score0.00826EPSS
Exploits5References1
CVE
CVE
added 2019/07/26 8:44 p.m.423 views

CVE-2019-10263

CVE-2019-10263 affects Ahsay Cloud Backup Suite prior to 8.1.1.50. The initial description documents an XSS vulnerability in the Alias field during trial account creation that could lead to an admin cookie theft and account takeover. Multiple connected sources corroborate the Ahsay exposure and s...

6.1CVSS6.3AI score0.00826EPSS
Exploits5References1Affected Software1
The Hacker News
The Hacker News
added 2018/10/15 9:20 a.m.383 views

Google to Encrypt Android Cloud Backups With Your Lock Screen Password

In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it. Google allows Android users to automatically backup...

6.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/06/14 1:4 p.m.17 views

Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?

Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are typically pushed to you through phishing techniques and social engineering: | Strengthen yo...

0.8AI score
Exploits0
hackapp
hackapp
added 2016/04/01 9:22 a.m.17 views

G Cloud Backup - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application G Cloud Backup published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
Veeam
Veeam
added 2014/12/25 2:31 p.m.17 views

Release Notes for Veeam Backup & Replication 8.0 Patch 1

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup & Replication 8.0 Update 1 Cause Please confirm you are running version 8.0.0.807, 8.0.0.817 or 8.0.0.831 prior to installing...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2013/06/27 12:0 a.m.22 views

Samsung Galaxy S4 SMS欺骗漏洞

BUGTRAQ ID: 60756 Samsung Galaxy S是三星的Android系统的智能手机。 Samsung Galaxy S4在Cloud Backup功能中存在SMS欺骗漏洞,攻击者通过发送特制的SMS到受影响设备,利用此漏洞可进行网络钓鱼攻击。 0 Samsung Galaxy S4 厂商补丁: Samsung ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2013/06/25 8:51 p.m.9 views

Serious Smishing vulnerability reported in Samsung Galaxy S4

Serious security vulnerability was recently discovered on the Samsung flagship Galaxy S4 device, claiming that attackers can use it to silently send text messages. Qihoo 360 Technology, an antivirus company based in China, said that this particular vulnerability is related to the "cloud backup"...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2013/06/25 9:51 a.m.8 views

Serious Smishing vulnerability reported in Samsung Galaxy S4

Serious security vulnerability was recently discovered on the Samsung flagship Galaxy S4 device, claiming that attackers can use it to silently send text messages. Qihoo 360 Technology, an antivirus company based in China, said that this particular vulnerability is related to the "cloud backup"...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/09/17 12:0 a.m.15 views

JustCloud 'Cloud' Backup Service Detection

Binary data 6578.prm...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/09/17 12:0 a.m.13 views

SugarSync 'Cloud' Backup Service Detection

Binary data 6586.prm...

7.3AI score
Exploits0References1
Rows per page
Query Builder