49 matches found

BDU FSTEC
added 2025/03/18 12:0 a.m. · 2 views

The vulnerability of the mlx5_esw_ipsec_restore_dest_uplink() function in the drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the mlx5_esw_ipsec_restore_dest_uplink() function in the drivers/net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c module of the Linux kernel is related to the reuse of previously freed memory (use-after-free). Exploiting this vulnerability could allow an attacker to compromise the...

7.8 CVSS · 7.2 AI score · 0.00016 EPSS
Exploits: 0 · References: 12 · Affected Software: 4
Cvelist
added 2025/02/26 1:55 a.m. · 16 views

CVE-2022-49146 virtio: use virtio_device_ready() in virtio_device_restore()

In the Linux kernel, the following vulnerability has been resolved: virtio: use virtio_device_ready() in virtio_device_restore(). After waking up a suspended VM, the kernel prints the following trace for virtio drivers which do not directly call virtio_device_ready() in the .restore: PM: suspend exit irq 22:...

0.00111 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/02/03 12:0 a.m. · 2 views

PT-2025-5619 · Ndpi · Ndpi

Name of the Vulnerable Software and Affected Versions: nDPI versions 4.12 and earlier. Description: The issue is a potential stack-based buffer overflow in the ndpi address cache restore function located in lib/ndpi cache.c. This could potentially lead to exploitation. Recommendations: For nDPI...

8.1 CVSS · 7 AI score · 0.0006 EPSS
Exploits: 0 · References: 19
Cvelist
added 2024/12/23 12:18 a.m. · 16 views

CVE-2024-54082

home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user...

7.2 CVSS · 0.00614 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2024/11/14 12:0 a.m. · 1 views

The vulnerability of the “restore” function in the mainfunction.cgi file of the DrayTek Vigor 3900 router firmware allows a hacker to execute arbitrary code.

The vulnerability of the “restore” function in the mainfunction.cgi file of the DrayTek Vigor 3900 router firmware exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to...

10 CVSS · 5.9 AI score · 0.00274 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/11/01 6:15 p.m. · 2 views

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

9.8 CVSS · 6 AI score
Exploits: 0 · References: 1
NVD
added 2024/11/01 6:15 p.m. · 7 views

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

9.8 CVSS · 0.00274 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2024/11/01 12:0 a.m. · 15 views

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

8.2 AI score · 0.00274 EPSS
Exploits: 1 · References: 1
CNNVD
added 2024/11/01 12:0 a.m. · 3 views

DrayTek Vigor 3900 Security Vulnerability

The DrayTek Vigor 3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited by an attacker to execute arbitrary commands by injecting malicious commands into mainfunction.cg...

9.8 CVSS · 7.5 AI score · 0.00274 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/28 12:0 a.m. · 2 views

PT-2024-7995 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3. Description: The issue exists due to the lack of neutralization of special elements used in the operating system command in the restore function of the mainfunction.cgi file in the DrayTek Vigor 3900 router'...

9.8 CVSS · 8.4 AI score · 0.00274 EPSS
Exploits: 1 · References: 9
OSV
added 2024/02/29 7:15 a.m. · 2 views

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL...

9.1 CVSS · 7.3 AI score
Exploits: 0 · References: 3
CNNVD
added 2024/02/29 12:0 a.m. · 3 views

WordPress Plugin Migration, Backup, Staging Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

9.1 CVSS · 6.6 AI score · 0.00355 EPSS
Exploits: 1 · References: 4
OSV
added 2024/02/05 10:15 p.m. · 2 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

5.3 CVSS · 5.9 AI score
Exploits: 0 · References: 4
NVD
added 2024/02/05 10:15 p.m. · 9 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

5.3 CVSS · 4.7 AI score · 0.00858 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2024/02/05 12:0 a.m. · 2 views

PT-2024-13356 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: WPvivid plugin for WordPress versions up to, and including, 0.9.94. Description: The issue is related to a missing capability check on the restore and get restore progress functions. This allows unauthenticated attackers to invoke these...

5.3 CVSS · 6.2 AI score · 0.00858 EPSS
Exploits: 0 · References: 8
BDU FSTEC
added 2024/02/02 12:0 a.m. · 1 views

The vulnerability of the backup/restore function of the video surveillance software Agent DVR allows an intruder to execute arbitrary code and upload arbitrary files.

The vulnerability of the Backup/Restore function of the video surveillance software for DVR systems is related to incorrect restrictions on the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to execute arbitrary commands and upload arbitrary files...

10 CVSS · 8 AI score · 0.17641 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
WPVulnDB
added 2024/01/26 12:0 a.m. · 17 views

WPvivid < 0.9.95 - Missing Authorization

Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function, making it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID...

5 CVSS · 6.6 AI score · 0.00858 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/09/29 2:15 p.m. · 1 views

CVE-2023-5263

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...

8.8 CVSS · 5.3 AI score · 0.00079 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2023/09/29 12:0 a.m. · 3 views

PT-2023-31984 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZZCMS version 2.1.7. Description: A critical issue was found in the restore function of the /admin/save.php file, part of the Database Backup File Handler component. This issue leads to permission problems and can be exploited remotely. The...

8.8 CVSS · 6.5 AI score · 0.00079 EPSS
Exploits: 1 · References: 7
NVD
added 2022/09/28 2:15 p.m. · 9 views

CVE-2022-22525

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...

7.2 CVSS · 0.00679 EPSS
Exploits: 0 · References: 1