100 matches found
Authentication flaw
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...
CVE-2019-10267
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...
CVE-2019-10267
CVE-2019-10267 affects Ahsay Cloud Backup Suite 8.1.0.50 . The vulnerability is an insecure file upload that allows placing a file in any server directory; an attacker can upload a JSP shell to the web root and execute it, resulting in full access to the system under the configured user (e.g., Ad...
CVE-2019-10266
Affected product: Ahsay Cloud Backup Suite prior to 8.1.1.50. Issue: unauthenticated, out-of-bounds XML input can trigger XML External Entity (XXE) processing, enabling an attacker to read file structures and contents from the server. Root cause: improper handling of XML input leading to informat...
CVE-2019-10266
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...
CVE-2019-10265
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to for example "C:" then one can browse the whole server...
CVE-2019-10265
CVE-2019-10265 affects Ahsay Cloud Backup Suite prior to 8.1.1.50. The vulnerability exists on the /cbs/system/ShowAdvanced.do “File Explorer” screen, where input in the JavaScript code can change the directory to an arbitrary path (e.g., C:), enabling an attacker to browse the server filesystem....
CVE-2019-10264
The affected product is Ahsay Cloud Backup Suite prior to 8.1.1.50. With a valid administrator account, the Move / Import / Export Users screen’s Import Users option accepts a ZIP archive containing a users.xml file, which can trigger an XML External Entity (XXE) vulnerability. This impacts multi...
CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE...
CVE-2019-10263
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account...
CVE-2019-10263
CVE-2019-10263 affects Ahsay Cloud Backup Suite prior to 8.1.1.50. The initial description documents an XSS vulnerability in the Alias field during trial account creation that could lead to an admin cookie theft and account takeover. Multiple connected sources corroborate the Ahsay exposure and s...
Google to Encrypt Android Cloud Backups With Your Lock Screen Password
In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it. Google allows Android users to automatically backup...
Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?
Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are typically pushed to you through phishing techniques and social engineering: | Strengthen yo...
G Cloud Backup - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application G Cloud Backup published at the 'play' market has multiple vulnerabilities...
Release Notes for Veeam Backup & Replication 8.0 Patch 1
More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup & Replication 8.0 Update 1 Cause Please confirm you are running version 8.0.0.807, 8.0.0.817 or 8.0.0.831 prior to installing...
Samsung Galaxy S4 SMS欺骗漏洞
BUGTRAQ ID: 60756 Samsung Galaxy S是三星的Android系统的智能手机。 Samsung Galaxy S4在Cloud Backup功能中存在SMS欺骗漏洞,攻击者通过发送特制的SMS到受影响设备,利用此漏洞可进行网络钓鱼攻击。 0 Samsung Galaxy S4 厂商补丁: Samsung ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Serious Smishing vulnerability reported in Samsung Galaxy S4
Serious security vulnerability was recently discovered on the Samsung flagship Galaxy S4 device, claiming that attackers can use it to silently send text messages. Qihoo 360 Technology, an antivirus company based in China, said that this particular vulnerability is related to the "cloud backup"...
Serious Smishing vulnerability reported in Samsung Galaxy S4
Serious security vulnerability was recently discovered on the Samsung flagship Galaxy S4 device, claiming that attackers can use it to silently send text messages. Qihoo 360 Technology, an antivirus company based in China, said that this particular vulnerability is related to the "cloud backup"...
JustCloud 'Cloud' Backup Service Detection
Binary data 6578.prm...
SugarSync 'Cloud' Backup Service Detection
Binary data 6586.prm...