Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unitrends backup vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2017-12477
It exists that the bpserverd proprietary protocol in Unitrends Backup (UB) prior to 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target ...
Kaseya Unitrends Backup
2 EDB exploits
670
VMScore
CVE-2017-7280
An issue exists in api/includes/systems.php in Unitrends Enterprise Backup prior to 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.
Unitrends Enterprise Backup
634
VMScore
CVE-2017-7282
An issue exists in Unitrends Enterprise Backup prior to 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated malicious user to read any file in the filesystem that the web ...
Unitrends Enterprise Backup
803
VMScore
CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup prior to 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
Unitrends Enterprise Backup
580
VMScore
CVE-2017-7284
An attacker that has hijacked a Unitrends Enterprise Backup (prior to 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.
Unitrends Enterprise Backup
892
VMScore
CVE-2017-7279
An unprivileged user of the Unitrends Enterprise Backup prior to 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.
Unitrends Enterprise Backup
580
VMScore
CVE-2017-7281
An issue exists in Unitrends Enterprise Backup prior to 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled ...
Unitrends Enterprise Backup
668
VMScore
CVE-2021-40386
Kaseya Unitrends Client/Agent up to and including 10.5,5 allows remote malicious users to execute arbitrary code.
Kaseya Unitrends Backup
905
VMScore
CVE-2017-12479
It exists that an issue in the session logic in Unitrends Backup (UB) prior to 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could t...
Kaseya Unitrends Backup
1 EDB exploit
409
VMScore
CVE-2021-43034
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
Kaseya Unitrends Backup
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »