14 matches found
CVE-2021-43033
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input received by the server being passed to system calls...
PT-2021-23722 · Kaseya · Kaseya Unitrends Backup Appliance
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Kaseya Unitrends Backup Appliance, where multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as...
Unitrends Enterprise Backup bpserverd Privilege Escalation
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to...
Unitrends Enterprise Backup bpserverd Privilege Escalation Exploit
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to...
Unitrends < 10.0.0 RCE Vulnerability - Active Check
Unitrends UEB is prone to a remote code execution RCE vulnerability in bpserverd. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if descriptio...
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB bpserverd authentication bypass RCE', 'Description' = %q It was discovered that the Unitrends bpserverd proprietary protocol, as...
Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution Exploit
It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. Th...
Unitrends UEB bpserverd authentication bypass RCE
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This module requires Metasploit:...
Unitrends UEB 9.1 - Unitrends bpserverd Remote Command Execution Exploit
Exploit for linux platform in category remote exploits Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Jared Arave, Cale Smith, Benny Husted Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendo...
Unitrends Backup License Issue Vulnerability
Unitrends Backup UB is a set of data protection software from the American company Unitrends. The software provides data backup, data recovery and deduplication functions. A security vulnerability exists in the bpserverd proprietary protocol in versions of UB prior to 10.0.0. A remote attacker ca...
Authentication flaw
It was discovered that the bpserverd proprietary protocol in Unitrends Backup UB before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system...
CVE-2017-12477
It was discovered that the bpserverd proprietary protocol in Unitrends Backup UB before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system...
CVE-2017-12477
It was discovered that the bpserverd proprietary protocol in Unitrends Backup UB before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system...
CVE-2017-12477
Unitrends UEB bpserverd in UB versions prior to 10.0.0 is vulnerable to an authentication bypass via the bpserverd protocol exposed through xinetd, enabling remote root command execution. Public references (exploit-db, metasploit, OpenVAS entries) document the RCE actions. Affected: Unitrends Bac...