42 matches found
EUVD-2017-16311
Malware in sbrugna...
EUVD-2017-16313
Malware in sbrugna...
EUVD-2017-16309
Malware in sbrugna...
EUVD-2017-16310
Malware in sbrugna...
EUVD-2014-3158
Malware in sbrugna...
CVE-2014-3139
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string...
Unitrends Enterprise Backup bpserverd Privilege Escalation
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to...
Unitrends Enterprise Backup bpserverd Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends Enterprise Backup bpserverd Privilege Escalation', 'Description' = %q It was discovered that the Unitrends bpserverd proprietary...
The vulnerability of the web server of the Unitrends Enterprise Backup software allows a hacker to obtain root privileges.
The vulnerability of the web server of the Unitrends Enterprise Backup software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain root privileges by modifying the cookie file issued upon system login...
Unitrends Enterprise Backup 7.3.0 Multiple Vulnerabilities
Multiple vulnerabilities in Unitrends Enterprise Backup version 7.3.0. Authentication bypass and remote code execution RCE. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Unitrends Enterprise Backup api/includes/users.php page password change vulnerability
Unitrends Enterprise Backup is backup software that incorporates cloud continuity services to ensure the recovery of your virtual, physical and cloud data, systems and applications. A password change vulnerability exists in the api/includes/users.php page of Unitrends Enterprise Backup, which can...
Unitrends Enterprise Backup 'token' cookie modification lifting vulnerability
Unitrends Enterprise Backup is a suite of enterprise-class data protection software from Unitrends, Inc. in the United States. The software provides data backup, data recovery and deduplication features. A security vulnerability exists in versions of Unitrends Enterprise Backup prior to 9.0.0. Th...
Unitrends Enterprise Backup api/includes/systems.php Remote Code Execution Vulnerability
Unitrends Enterprise Backup is a suite of enterprise-grade data protection software from the US-based Unitrends. The software provides data backup, data recovery and deduplication features. A security vulnerability exists in the api/includes/systems.php file in versions of Unitrends Enterprise...
CVE-2017-7282
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access...
CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php...
CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php...
Design/Logic Flaw
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php...
CVE-2017-7282
An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access...
CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php...
CVE-2017-7283
CVE-2017-7283 affects Unitrends Enterprise Backup prior to 9.1.2. An authenticated user can trigger arbitrary OS command execution by supplying a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. The NVD data...