Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
WhitebearsolutionsWbsairback

16 matches found

CVE
CVEadded 2024/04/15 2:15 p.m.61 views

CVE-2024-3781

Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04.

9.1CVSS7.2AI score0.00242EPSS
CVE
CVEadded 2024/04/15 2:15 p.m.58 views

CVE-2024-3784

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00354EPSS
CVE
CVEadded 2024/04/15 2:15 p.m.54 views

CVE-2024-3786

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00354EPSS
CVE
CVEadded 2024/04/15 2:15 p.m.53 views

CVE-2024-3782

Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user.

8.8CVSS6.6AI score0.00136EPSS
CVE
CVEadded 2024/04/15 2:15 p.m.50 views

CVE-2024-3783

The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system.

7.7CVSS6.7AI score0.00151EPSS
CVE
CVEadded 2024/04/15 2:15 p.m.44 views

CVE-2024-3785

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00354EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.30 views

CVE-2024-3787

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.0156EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.28 views

CVE-2024-3792

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...

4.8CVSS5.9AI score0.00478EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.25 views

CVE-2024-3788

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.

6.6CVSS7.5AI score0.00682EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.24 views

CVE-2024-3791

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...

4.8CVSS6AI score0.00193EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.23 views

CVE-2024-3790

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their...

4.8CVSS5.8AI score0.00071EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.23 views

CVE-2024-3795

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

4.8CVSS5.8AI score0.00193EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.20 views

CVE-2024-3789

Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed.

6.5CVSS7.3AI score0.00465EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.19 views

CVE-2024-3793

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and stea...

4.8CVSS6AI score0.00193EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.19 views

CVE-2024-3794

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

4.8CVSS5.8AI score0.00193EPSS
CVE
CVEadded 2024/05/14 3:42 p.m.18 views

CVE-2024-3796

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

4.8CVSS5.8AI score0.00085EPSS