6 matches found
CVE-2019-10266
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication...
CVE-2019-10266
Affected product: Ahsay Cloud Backup Suite prior to 8.1.1.50. Issue: unauthenticated, out-of-bounds XML input can trigger XML External Entity (XXE) processing, enabling an attacker to read file structures and contents from the server. Root cause: improper handling of XML input leading to informat...
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x...
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x %remote;%intern; %trick; On http://attacker/oob add the following...
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection Vulnerability
Exploit for jsp platform in category web applications Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x...
Ahsay Backup 7.x / 8.x XML Injection
Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x %remote;%intern; %trick; On http://attacker/oob add the following...