Urbackup Security Vulnerabilities

CVE-2023-47102

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not...

CVE-2018-20013

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client...

CVE-2018-20014

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client...

CVE-2017-16950

Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action...