18 matches found
CVE-2016-15056
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
EUVD-2016-10800
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
PT-2025-34192 · Undefined · Undefined
New vulnerabilities in Workhorse Software threaten sensitive data in cities and towns across Wisconsin. Key Points: - Two serious vulnerabilities discovered in Workhorse Software's accounting application. - Vulnerabilities expose sensitive personally identifiable information PII stored in the...
PT-2025-34193 · Undefined · Undefined
New vulnerabilities in Workhorse Software threaten sensitive data in cities and towns across Wisconsin. Key Points: - Two serious vulnerabilities discovered in Workhorse Software's accounting application. - Vulnerabilities expose sensitive personally identifiable information PII stored in the...
CVE-2025-49200 Unencrypted backup contains sensitive information
The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files...
SICK Field Analytics和SICK Media Server 信息泄露漏洞
SICK Field Analytics and SICK Media Server are both products of SICK GmbH, Germany.SICK Field Analytics is software for evaluating manufacturing data.SICK Media Server is a media server. A security vulnerability exists in SICK Field Analytics and SICK Media Server that stems from unencrypted back...
CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
attic has improper verification of unencrypted backups
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...
GHSA-5X6Q-FFWJ-8VCF attic has improper verification of unencrypted backups
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...
CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
CVE-2020-35658
SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted...
CVE-2020-15851
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories...
Versa Networks: Plaintext Credentials in Backups & Configs
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
Apple iOS MobileBackup Backup Encryption Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices, and MobileBackup is one of the system backup components. A security vulnerability exists in the MobileBackup component in Apple iOS versions prior to 11. The vulnerability can be exploited by a remote attacker to read an...
PYSEC-2017-6
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...
UBUNTU-CVE-2015-4082
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...
CVE-2015-4082
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...