4 matches found
CVE-2011-3361
CVE-2011-3361 is an XSS vulnerability in BackupPC 3.2.0 (and possibly earlier) exploitable via the num parameter in the browse action to index.cgi, implemented in CGI/Browse.pm. The issue allows remote attackers to inject arbitrary web script or HTML, with impact described as partial integrity an...
CVE-2009-3369
CVE-2009-3369 affects BackupPC 3.1.0 where CgiUserConfigEdit does not restrict ClientNameAlias in multi-user setups using SSH keys and Rsync, allowing remote authenticated users to read/write sensitive files by aliasing to another system during backup/restore. The issue is due to insufficient res...
CVE-2011-4923
CVE-2011-4923 is an XSS vulnerability in BackupPC’s View.pm affecting versions 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer. The vulnera...
CVE-2011-5081
BackupPC (affected: 3.1.0, 3.2.1 and possibly earlier) contains an XSS vulnerability in RestoreFile.pm that can be triggered via the share parameter in a RestoreFile action to index.cgi, allowing remote attackers to inject arbitrary web script/HTML. The issue is documented as CVE-2011-5081. Sever...