19 matches found
Remote code execution
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function...
Remote code execution
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function...
Default credentials
Vinchin Backup & Recovery v7.2 was discovered to use default MySQL credentials...
CVE-2024-22901
CVE-2024-22901 affects Vinchin Backup & Recovery v7.2 (and earlier) where default MySQL credentials are used. Public sources in connected documents confirm the underlying issue is default credentials enabling unauthenticated access, with CVSS 3.1 base score 9.8 (CRITICAL) and impact to confidenti...
CVE-2024-22899
Vinchin Backup & Recovery v7.2 (and earlier) has an authenticated remote code execution (RCE) vulnerability in the syncNtpTime function. The issue stems from the ntphost handling in SystemHandler.class.php, where user-controlled input can be injected into a system command, enabling arbitrary comm...
CVE-2024-22903
CVE-2024-22903 affects Vinchin Backup & Recovery v7.2 and earlier. The vulnerability is an authenticated remote code execution via the deleteUpdateAPK function in SystemHandler.class.php, caused by improper handling/validation of the file_name input leading to command injection (exec). Impact is ...
CVE-2024-22900
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function...
ROS-2-1507
2.1507 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-503
2.503 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-1553
2.1553 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-700
2.700 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM QRadar SIEM (CVE-2014-0114)
Summary: There is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM QRadar Security Information and Event Manager (SIEM). Vulnerability Details: CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, cause...
Security Bulletin: FREAK vulnerability in TLS/SSL affects IBM CICS Transaction Gateway (CVE-2015-0204)
Summary: A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using a...
CVE-2017-5790
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found...
CVE-2016-8525
A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version...
HPE iMC - dbman 'RestoreDBase' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE iMC dbman RestoreDBase Unauthenticated RCE', 'Description' = %q This module exploits a remote command execution vulnerablity in Hewlett Packa...
Discuz 7.2 /faq.php SQL injection vulnerability + UC_Key getshell exp
No description provided by source...
Discuz! v7.2 injection vulnerability analysis and exploit-vulnerability warning-the black bar safety net
Vulnerability analysis: File ./manyou/sources/notice.php The relevant code: if($option == 'del') { $appid = intval($_GET['appid']); $db->query("DELETE FROM {$tablepre}myinvite WHERE appid='$appid' AND touid='$discuz_uid'"); showmessage('manyou:done', 'userapp.php?script=notice&action=invite'); } elseif($option ==...
ROS-2-1511
2.1511 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...