Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bacula bacula vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-15367
Bacula-web prior to 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an malicious user to access the Bacula database and, depending on configuration, escalate privileges on the server.
Bacula Bacula-web 8.0.0
Bacula Bacula-web
1 EDB exploit
2.1
CVSSv2
CVE-2007-5626
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent malicious users to obtain the password by listing the process and it...
Bacula Bacula
3.6
CVSSv2
CVE-2005-2995
bacula 1.36.3 and previous versions allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
Bacula Bacula
6.9
CVSSv2
CVE-2008-5373
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
Bacula Bacula 2.4.2
7.5
CVSSv2
CVE-2014-8295
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote malicious users to execute arbitrary SQL commands via the jobid parameter.
Bacula Bacula-web 5.2.10
1 EDB exploit
4
CVSSv2
CVE-2012-4430
The dump_resource function in dird/dird_conf.c in Bacula prior to 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
Bacula Bacula
Debian Debian Linux 7.0
Debian Debian Linux 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started