Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unitrends vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-43044
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The SNMP daemon was configured with a weak default community.
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2017-7280
An issue exists in api/includes/systems.php in Unitrends Enterprise Backup prior to 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.
Unitrends Enterprise Backup
5.5
CVSSv3
CVE-2017-7282
An issue exists in Unitrends Enterprise Backup prior to 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated malicious user to read any file in the filesystem that the web ...
Unitrends Enterprise Backup
8.8
CVSSv3
CVE-2017-7284
An attacker that has hijacked a Unitrends Enterprise Backup (prior to 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.
Unitrends Enterprise Backup
8.8
CVSSv3
CVE-2017-12479
It exists that an issue in the session logic in Unitrends Backup (UB) prior to 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could t...
Kaseya Unitrends Backup
1 EDB exploit
NA
CVE-2014-3008
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
Unitrends Enterprise Backup 7.3.0
1 EDB exploit
8.8
CVSSv3
CVE-2021-40385
An issue exists in the server software in Kaseya Unitrends Backup Software prior to 10.5.5-2. There is a privilege escalation from read-only user to admin.
Kaseya Unitrends Backup Software
8.8
CVSSv3
CVE-2021-40387
An issue exists in the server software in Kaseya Unitrends Backup Software prior to 10.5.5-2. There is authenticated remote code execution.
Kaseya Unitrends Backup Software
NA
CVE-2014-3139
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote malicious users to bypass authentication by setting the auth parameter to a certain string.
Unitrends Enterprise Backup 7.3.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3