Lucene search
K

9 matches found

OpenVAS
OpenVAS
added 2017/10/23 12:0 a.m.27 views

Unitrends < 10.0.0 Multiple Vulnerabilities

Unitrends UEB is prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS9.3AI score0.78269EPSS
Exploits25References6
Exploit DB
Exploit DB
added 2017/10/23 12:0 a.m.63 views

Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB bpserverd authentication bypass RCE', 'Description' = %q It was discovered that the Unitrends bpserverd proprietary protocol, as...

10CVSS9.6AI score0.68217EPSS
Exploits9
0day.today
0day.today
added 2017/10/22 12:0 a.m.50 views

Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution Exploit

It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. Th...

10CVSS9.7AI score0.68217EPSS
Exploits9
Packet Storm
Packet Storm
added 2017/10/21 12:0 a.m.46 views

Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB bpserverd authentication bypass RCE', 'Description' = %q It was discovered that the Unitrends bpserverd proprietary protocol, as...

10CVSS9.2AI score0.68217EPSS
Exploits9
Metasploit
Metasploit
added 2017/10/06 3:38 p.m.50 views

Unitrends UEB bpserverd authentication bypass RCE

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This module requires Metasploit:...

9.8CVSS9.8AI score0.68217EPSS
Exploits9
Packet Storm
Packet Storm
added 2017/10/05 12:0 a.m.49 views

Unitrends UEB 9.1 bpserverd Remote Command Execution

Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Jared Arave, Cale Smith, Benny Husted Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...

10CVSS0.2AI score0.68217EPSS
Exploits9
Circl
Circl
added 2017/08/08 12:0 a.m.18 views

CVE-2017-12477

creationtimestamp| type| source ---|---|--- 2017-08-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42957 2017-10-23 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43031 2018-05-29 15:50:33+00:00| seen|...

10CVSS9.2AI score0.68217EPSS
Exploits9References3
Cvelist
Cvelist
added 2017/08/07 3:0 p.m.28 views

CVE-2017-12477

It was discovered that the bpserverd proprietary protocol in Unitrends Backup UB before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system...

10AI score0.68217EPSS
Exploits9References2
CVE
CVE
added 2017/08/07 3:0 p.m.76 views

CVE-2017-12477

Unitrends UEB bpserverd in UB versions prior to 10.0.0 is vulnerable to an authentication bypass via the bpserverd protocol exposed through xinetd, enabling remote root command execution. Public references (exploit-db, metasploit, OpenVAS entries) document the RCE actions. Affected: Unitrends Bac...

10CVSS9.8AI score0.68217EPSS
Exploits9References2Affected Software1
Rows per page
Query Builder