How to Change Where Logs are Stored on the Veeam Appliances

Changing Log Location Will Break Automated Log Collection The automated log collection tools built into both the Veeam Backup & Replication Web UI of the Veeam Software Appliance and the "Create support bundle" function within the Host Management Console collect logs only from the default log...

CLSA-2025-1761845210 Fix CVE(s): CVE-2022-1733, CVE-2022-1796, CVE-2022-1886, CVE-2022-3016

SECURITY UPDATE: Heap-based Buffer Overflow - debian/patches/CVE-2022-1733.patch: Check for NUL to prevent reading past end of the line when C-indenting - CVE-2022-1733 SECURITY UPDATE: Use After Free - debian/patches/CVE-2022-1796.patch: Fix accessing freed memory when line is flushed by making ...

EUVD-2015-1741

Malware in sbrugna...

CVE-2020-36667

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backupguardclouddropbox, backupguardcloudgdrive, and backupguardcloudoneDrive function...

CVE-2024-53991

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

RockOA Security Breach

RockOA Xinhu is an open source office OA system. A security vulnerability exists in Xinhu RockOA v2.6.3, which originates from the inclusion of a Reflected Cross-Site Scripting XSS vulnerability via the /kaoqin/tplkaoqinlocationchange.html component...

WordPress Theme Networker 安全漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Networker 1.1.9 and earlier versions, which stems...

WordPress plugin JetBackup – WP Backup, Migrate & Restore 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

GSD-2021-1002760 media: mxl111sf: change mutex_init() location

media: mxl111sf: change mutexinit location This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.11 by commit...

GSD-2021-1002709 media: mxl111sf: change mutex_init() location

media: mxl111sf: change mutexinit location This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.88 by commit...

GHSA-2R6J-862C-M2V2 Unrestricted File Upload in Form Framework

Problem Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. TYPO3 Extbase extensions, which implement ...

OLX: I found a way to instantly take over ads by other users and change them (IDOR)

A local LetGo webpage was vulnerable to Insecure Data Object Reference issue which could have lead to ad hijack or settings change price, description, location. @kciredor discovered this vulnerability and notified us about this. We would like to thank you for this report. Please do not hesitate t...

Mozilla: Incorrect site SSL certificate data display (MFSA 2012-69)

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page...