Lucene search
K
UnitrendsEnterprise Backup

8 matches found

CVE
CVE
added 2017/04/12 10:0 p.m.64 views

CVE-2017-7280

Unitrents Enterprise Backup (before 9.0.0) contains a remote code execution vulnerability in api/includes/systems.php where user input is not properly filtered before passing to a popen call. This allows an attacker to craft a payload via user variables, leading to code execution. Products affect...

9.8CVSS9.7AI score0.06179EPSS
CVE
CVE
added 2017/04/12 10:0 p.m.54 views

CVE-2017-7279

CVE-2017-7279 affects Unitrends Enterprise Backup before 9.0.0. An unprivileged user can escalate to root by modifying the login session cookie named “token” on the web server. Root cause: inadequate protection/verification of the authentication token cookie. Impact: full root privileges on the a...

10CVSS9.5AI score0.04394EPSS
CVE
CVE
added 2017/04/12 10:0 p.m.52 views

CVE-2017-7281

CVE-2017-7281 affects Unitrends Enterprise Backup prior to 9.1.2. The vulnerability is due to unsanitized user input in recoveryconsole/bpl/reports.php (createReportName and saveReport), allowing an authenticated user to create a file on disk with a user-controlled extension, content, and path, r...

8.8CVSS9AI score0.04318EPSS
Web
CVE
CVE
added 2017/04/20 2:43 a.m.50 views

CVE-2017-7283

CVE-2017-7283 affects Unitrends Enterprise Backup prior to 9.1.2. An authenticated user can trigger arbitrary OS command execution by supplying a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. The NVD data...

9CVSS9.1AI score0.0428EPSS
Web
CVE
CVE
added 2017/04/20 2:43 a.m.48 views

CVE-2017-7282

The CVE-2017-7282 vulnerability affects Unitrends Enterprise Backup before 9.1.1. The downloadFile function in api/includes/restore.php accepts any filename passed to /api/restore/download, allowing an authenticated attacker to read arbitrary files accessible to the web server (Local File Inclusi...

7.1CVSS6.2AI score0.04281EPSS
Web
CVE
CVE
added 2017/04/12 10:0 p.m.48 views

CVE-2017-7284

The CVE-2017-7284 entry describes a vulnerability in Unitrends Enterprise Backup (pre-9.1.2) where an attacker who has hijacked a web session can use api/includes/users.php to change the password of the currently logged-in account without knowing the existing password, enabling account takeover. ...

8.8CVSS9AI score0.02656EPSS
Web
CVE
CVE
added 2014/05/02 10:0 a.m.44 views

CVE-2014-3139

CVE-2014-3139 affects Unitrends Enterprise Backup 7.3.0, where recoveryconsole/bpl/snmpd.php allows remote authentication bypass by sending the auth parameter as a certain string. This is a remote, unauthenticated bypass with potential partial confidentiality, integrity, and availability impact a...

7.5CVSS7.1AI score0.03309EPSS
Web
CVE
CVE
added 2014/04/28 2:0 p.m.40 views

CVE-2014-3008

Unitrends Enterprise Backup 7.3.0 is affected by multiple vulnerabilities, including remote code execution and an authentication bypass. The CVE-2014-3008 entry documents that remote authenticated users can execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconso...

10CVSS7.5AI score0.07018EPSS
Web