Lucene search
K

7 matches found

0day.today
0day.today
added 2018/10/06 12:0 a.m.112 views

Unitrends UEB HTTP API Remote Code Execution Exploit

It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UE...

10CVSS1.2AI score0.78269EPSS
Exploits15
Circl
Circl
added 2018/10/05 9:28 p.m.36 views

CVE-2018-6328

creationtimestamp| type| source ---|---|--- 2018-10-05 21:28:59+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/uebapirce.rb 2018-10-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45559 2025-02-06 03:13:43+00:00| seen|...

9.8CVSS9.3AI score0.6552EPSS
Exploits6References2
Packet Storm
Packet Storm
added 2018/10/05 12:0 a.m.62 views

Unitrends UEB HTTP API Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB http api remote code execution', 'Description' = %q It was discovered that the api/storage web interface in Unitrends Backup UB...

10CVSS0.3AI score0.78269EPSS
Exploits15
Exploit DB
Exploit DB
added 2018/03/16 12:0 a.m.53 views

Unitrends UEB 10.0 - Root Remote Code Execution

Exploit Title: Unauthenticated root RCE for Unitrends UEB 10.0 Date: 10/17/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...

10CVSS7AI score0.6552EPSS
Exploits11
exploitpack
exploitpack
added 2018/03/16 12:0 a.m.29 views

Unitrends UEB 10.0 - Root Remote Code Execution

Unitrends UEB 10.0 - Root Remote Code Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 10.0 Date: 10/17/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...

10CVSS0.6AI score0.6552EPSS
Exploits11
CVE
CVE
added 2018/03/14 7:0 p.m.77 views

CVE-2018-6328

CVE-2018-6328 affects Unitrends Backup/UEB before 10.1.0 where the UI authentication bypass can allow an unauthenticated user to inject commands into /api/hosts via backquotes. The vulnerability enables remote code execution with high impact, as described in public references and exploit entries....

9.8CVSS9.7AI score0.6552EPSS
Exploits6References4Affected Software1
Cvelist
Cvelist
added 2018/03/14 7:0 p.m.21 views

CVE-2018-6328

It was discovered that the Unitrends Backup UB before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes...

9.8AI score0.6552EPSS
Exploits6References4
Rows per page
Query Builder