Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unitrends vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-6329
It exists that the Unitrends Backup (UB) prior to 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote malicious user to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
Unitrends Backup
9.8
CVSSv3
CVE-2020-8427
In Unitrends Backup prior to 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
Unitrends Backup
9.8
CVSSv3
CVE-2017-7280
An issue exists in api/includes/systems.php in Unitrends Enterprise Backup prior to 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.
Unitrends Enterprise Backup
8.8
CVSSv3
CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup prior to 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
Unitrends Enterprise Backup
9.8
CVSSv3
CVE-2021-40386
Kaseya Unitrends Client/Agent up to and including 10.5,5 allows remote malicious users to execute arbitrary code.
Kaseya Unitrends Backup
8.8
CVSSv3
CVE-2017-7284
An attacker that has hijacked a Unitrends Enterprise Backup (prior to 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.
Unitrends Enterprise Backup
9.8
CVSSv3
CVE-2018-6328
It exists that the Unitrends Backup (UB) prior to 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
Kaseya Unitrends Backup
1 EDB exploit
9.8
CVSSv3
CVE-2017-12478
It exists that the api/storage web interface in Unitrends Backup (UB) prior to 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the targ...
Kaseya Unitrends Backup
3 EDB exploits
9.8
CVSSv3
CVE-2021-43044
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The SNMP daemon was configured with a weak default community.
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2021-43036
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The password for the PostgreSQL wguest account is weak.
Kaseya Unitrends Backup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »