Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kaseya unitrends backup vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2018-6328
It exists that the Unitrends Backup (UB) prior to 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
Kaseya Unitrends Backup
1 EDB exploit
890
VMScore
CVE-2021-43033
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.
Kaseya Unitrends Backup
409
VMScore
CVE-2021-43034
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
Kaseya Unitrends Backup
668
VMScore
CVE-2021-43036
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The password for the PostgreSQL wguest account is weak.
Kaseya Unitrends Backup
614
VMScore
CVE-2021-43037
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.
Kaseya Unitrends Backup
578
VMScore
CVE-2021-43038
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
Kaseya Unitrends Backup
570
VMScore
CVE-2021-43039
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The Samba file sharing service allowed anonymous read/write access.
Kaseya Unitrends Backup
578
VMScore
CVE-2021-43040
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.
Kaseya Unitrends Backup
578
VMScore
CVE-2021-43041
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
Kaseya Unitrends Backup
668
VMScore
CVE-2021-40386
Kaseya Unitrends Client/Agent up to and including 10.5,5 allows remote malicious users to execute arbitrary code.
Kaseya Unitrends Backup
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »