Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unitrends backup vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-6329
It exists that the Unitrends Backup (UB) prior to 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote malicious user to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
Unitrends Backup
9.8
CVSSv3
CVE-2020-8427
In Unitrends Backup prior to 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
Unitrends Backup
7.8
CVSSv3
CVE-2021-43037
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2021-43035
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to...
Kaseya Unitrends Backup
6.5
CVSSv3
CVE-2021-43039
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The Samba file sharing service allowed anonymous read/write access.
Kaseya Unitrends Backup
8.8
CVSSv3
CVE-2021-43040
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.
Kaseya Unitrends Backup
8.8
CVSSv3
CVE-2021-43041
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
Kaseya Unitrends Backup
6.5
CVSSv3
CVE-2021-43043
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2017-12478
It exists that the api/storage web interface in Unitrends Backup (UB) prior to 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the targ...
Kaseya Unitrends Backup
3 EDB exploits
9.8
CVSSv3
CVE-2021-43033
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.
Kaseya Unitrends Backup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »