
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.

The wp-db-backup plugin up to 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.

References:
• http://www.vapidlabs.com/advisory.php?v=81

CWE:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-862: Missing Authorization

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.

References:
• http://www.openwall.com/lists/oss-security/2014/05/01/11

CWE:
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

References:
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392
• http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173
• http://osvdb.org/37444
• http://secunia.com/advisories/26657
• http://secunia.com/advisories/29377
• http://www.debian.org/security/2008/dsa-1518
• http://www.securityfocus.com/bid/25503
• http://www.securitytracker.com/id?1018639
• http://www2.backup-manager.org/Release063

CWE:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-255: Credentials Management Errors
• CWE-310: Cryptographic Issues

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.

References:
• http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=146
• http://osvdb.org/34780
• http://www.backup-manager.org/pipermail/backup-manager-commits/2007-January/000212.html
• http://www.vupen.com/english/advisories/2007/2412
• http://www2.backup-manager.org/Release076
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34489

CWE:
• CWE-255: Credentials Management Errors