7 matches found
Unitrends UEB HTTP API Remote Code Execution Exploit
It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UE...
CVE-2018-6328
creationtimestamp| type| source ---|---|--- 2018-10-05 21:28:59+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/uebapirce.rb 2018-10-08 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45559 2025-02-06 03:13:43+00:00| seen|...
Unitrends UEB HTTP API Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB http api remote code execution', 'Description' = %q It was discovered that the api/storage web interface in Unitrends Backup UB...
Unitrends UEB 10.0 - Root Remote Code Execution
Exploit Title: Unauthenticated root RCE for Unitrends UEB 10.0 Date: 10/17/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
Unitrends UEB 10.0 - Root Remote Code Execution
Unitrends UEB 10.0 - Root Remote Code Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 10.0 Date: 10/17/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor...
CVE-2018-6328
CVE-2018-6328 affects Unitrends Backup/UEB before 10.1.0 where the UI authentication bypass can allow an unauthenticated user to inject commands into /api/hosts via backquotes. The vulnerability enables remote code execution with high impact, as described in public references and exploit entries....
CVE-2018-6328
It was discovered that the Unitrends Backup UB before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes...