Page 2 of 18 results (0.020 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-38079 – WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

https://notcve.org/view.php?id=CVE-2022-38079

Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el Plugin Backup Scheduler versiones anteriores a 1.5.13 incluyéndola en WordPress. The Backup Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on several of its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/backup-scheduler/wordpress-backup-scheduler-plugin-1-5-13-cross-site-request-forgery-csrf-vulnerability/_s_id=cve https://wordpress.org/plugins/backup-scheduler • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 96%CPEs: 1EXPL: 6

CVE-2021-24155 – Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. El plugin WordPress Backup and Migrate - Backup Guard WordPress antes de la versión 1.6.0 no garantizaba que los archivos importados tuvieran el formato y la extensión SGBP, lo que permitía a los usuarios con altos privilegios (admin+) subir archivos arbitrarios, incluidos los de PHP, lo que provocaba un RCE • https://www.exploit-db.com/exploits/50093 https://github.com/0dayNinja/CVE-2021-24155.rb http://packetstormsecurity.com/files/163382/WordPress-Backup-Guard-1.5.8-Shell-Upload.html http://packetstormsecurity.com/files/163623/WordPress-Backup-Guard-Authenticated-Remote-Code-Execution.html https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2473510%40backup&old=2472212%40backup&sfp_email=&sfph_mail= https:/ • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2013-1425

https://notcve.org/view.php?id=CVE-2013-1425

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. ldap-git-backup versiones anteriores a 1.0.4, expone hashes de contraseña debido a permisos de directorio incorrectos. • https://github.com/elmar/ldap-git-backup/commit/a90f3217fce87962db82d212f73af70693087124 https://security-tracker.debian.org/tracker/CVE-2013-1425 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1096253.html • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2

CVE-2014-4993

https://notcve.org/view.php?id=CVE-2014-4993

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process. (1) lib/backup/cli/utility.rb en la gema backup-agoddard 3.0.28 y (2) lib/backup/cli/utility.rb en la gema backup_checksum 3.0.23 para Ruby colocan credenciales en la línea de comandos de openssl. Esto permite que usuarios locales obtengan información sensible listando el proceso. • http://www.openwall.com/lists/oss-security/2014/07/07/11 http://www.openwall.com/lists/oss-security/2014/07/07/12 http://www.openwall.com/lists/oss-security/2014/07/17/5 http://www.vapid.dhs.org/advisories/backup-agoddard-3.0.28.html http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-10837 – BackupGuard <= 1.1.46 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2017-10837

Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en BackupGuard en versiones anteriores a la 1.1.47 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • https://jvn.jp/en/jp/JVN58559719/index.html https://wordpress.org/plugins/backup/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •