Lucene search
K

283 matches found

Prion
Prion
added 2017/04/12 10:59 p.m.18 views

Remote code execution

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable...

7.5CVSS9.6AI score0.06179EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/04/12 10:0 p.m.18 views

CVE-2017-7281

An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension,...

9.1AI score0.04318EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/04/12 10:0 p.m.23 views

CVE-2017-7284

An attacker that has hijacked a Unitrends Enterprise Backup before 9.1.2 web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover...

9.1AI score0.02656EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/04/12 10:0 p.m.21 views

CVE-2017-7280

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable...

9.8AI score0.06179EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/04/12 10:0 p.m.18 views

CVE-2017-7279

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login...

9.7AI score0.04394EPSS
Exploits0References1
CVE
CVE
added 2017/04/12 10:0 p.m.54 views

CVE-2017-7279

CVE-2017-7279 affects Unitrends Enterprise Backup before 9.0.0. An unprivileged user can escalate to root by modifying the login session cookie named “token” on the web server. Root cause: inadequate protection/verification of the authentication token cookie. Impact: full root privileges on the a...

10CVSS9.5AI score0.04394EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/04/12 10:0 p.m.48 views

CVE-2017-7284

The CVE-2017-7284 entry describes a vulnerability in Unitrends Enterprise Backup (pre-9.1.2) where an attacker who has hijacked a web session can use api/includes/users.php to change the password of the currently logged-in account without knowing the existing password, enabling account takeover. ...

8.8CVSS9AI score0.02656EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/04/12 10:0 p.m.52 views

CVE-2017-7281

CVE-2017-7281 affects Unitrends Enterprise Backup prior to 9.1.2. The vulnerability is due to unsanitized user input in recoveryconsole/bpl/reports.php (createReportName and saveReport), allowing an authenticated user to create a file on disk with a user-controlled extension, content, and path, r...

8.8CVSS9AI score0.04318EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/04/12 10:0 p.m.64 views

CVE-2017-7280

Unitrents Enterprise Backup (before 9.0.0) contains a remote code execution vulnerability in api/includes/systems.php where user input is not properly filtered before passing to a popen call. This allows an attacker to craft a payload via user variables, leading to code execution. Products affect...

9.8CVSS9.7AI score0.06179EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.11 views

Kaseya Unitrends Detection (HTTP)

HTTP based detection of Kaseya Unitrends. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribut...

0.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.32 views

Unitrends < 9.1.2 Multiple Vulnerabilities

Unitrends is prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS7.1AI score0.06179EPSS
Exploits5References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE

No description provided by source...

7.1AI score
Exploits0
NVD
NVD
added 2014/05/02 10:55 a.m.20 views

CVE-2014-3139

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string...

7.5CVSS6.9AI score0.03309EPSS
Exploits1References3
Prion
Prion
added 2014/05/02 10:55 a.m.19 views

Authentication flaw

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string...

7.5CVSS7.4AI score0.03309EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/05/02 10:0 a.m.23 views

CVE-2014-3139

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string...

6.9AI score0.03309EPSS
Exploits1References3
NVD
NVD
added 2014/04/28 2:9 p.m.10 views

CVE-2014-3008

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php...

10CVSS7.3AI score0.07018EPSS
Exploits1References6
Prion
Prion
added 2014/04/28 2:9 p.m.10 views

Code injection

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php...

10CVSS7.8AI score0.07018EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2014/04/28 2:0 p.m.17 views

CVE-2014-3008

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php...

7.2AI score0.07018EPSS
Exploits1References6
CVE
CVE
added 2014/04/28 2:0 p.m.40 views

CVE-2014-3008

Unitrends Enterprise Backup 7.3.0 is affected by multiple vulnerabilities, including remote code execution and an authentication bypass. The CVE-2014-3008 entry documents that remote authenticated users can execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconso...

10CVSS7.5AI score0.07018EPSS
Exploits1References6Affected Software1
Packet Storm
Packet Storm
added 2014/04/15 12:0 a.m.33 views

Unitrends Unauthenticated Root Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Unitrends Unauthenticated Root RCE", 'Description' = %q , 'License' = MSFLICENSE, 'Author' = 'Brandon Perry ' discovery/metasploit...

0.6AI score
Exploits0
Rows per page
Query Builder