Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloud backup vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-43549
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows malicious users to bypass authentication mechanisms.
Veeam Veeam Backup For Google Cloud 3.0
Veeam Veeam Backup For Google Cloud 1.0
4.3
CVSSv2
CVE-2019-10263
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the malicious user to retrieve the admin's cookie and take over the account.
Ahsay Cloud Backup Suite
6.5
CVSSv2
CVE-2019-10264
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.
Ahsay Cloud Backup Suite
7.8
CVSSv2
CVE-2019-10265
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.
Ahsay Cloud Backup Suite
7.8
CVSSv2
CVE-2019-10266
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
Ahsay Cloud Backup Suite
1 EDB exploit
9
CVSSv2
CVE-2019-10267
An insecure file upload and code execution issue exists in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system,...
Ahsay Cloud Backup Suite
2 EDB exploits
NA
CVE-2022-36916
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and previous versions allows malicious users to request a manual backup.
Jenkins Google Cloud Backup
NA
CVE-2022-36917
A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and previous versions allows attackers with Overall/Read permission to request a manual backup.
Jenkins Google Cloud Backup
4
CVSSv2
CVE-2020-5846
An insecure file upload and code execution issue exists in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible ...
Ahsay Cloud Backup Suite 8.3.0.30
NA
CVE-2022-37027
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX ser...
Ahsay Cloud Backup Suite 9.1.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »