Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bacula bacula vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-15367
Bacula-web prior to 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an malicious user to access the Bacula database and, depending on configuration, escalate privileges on the server.
Bacula Bacula-web 8.0.0
Bacula Bacula-web
1 EDB exploit
NA
CVE-2005-2995
bacula 1.36.3 and previous versions allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
Bacula Bacula
5.5
CVSSv3
CVE-2007-5626
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent malicious users to obtain the password by listing the process and it...
Bacula Bacula
NA
CVE-2008-5373
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
Bacula Bacula 2.4.2
NA
CVE-2014-8295
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote malicious users to execute arbitrary SQL commands via the jobid parameter.
Bacula Bacula-web 5.2.10
1 EDB exploit
NA
CVE-2012-4430
The dump_resource function in dird/dird_conf.c in Bacula prior to 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
Bacula Bacula
Debian Debian Linux 7.0
Debian Debian Linux 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started