5 results (0.013 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. En Unitrends Backup en versiones anteriores a la 10.4.1, un parámetro de solicitud HTTP no fue saneado adecuadamente, permitiendo la inyección SQL que resultó en una omisión de autentificación • https://support.unitrends.com/UnitrendsBackup/s/article/000006983 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM. CloudBerry Backup versión v6.1.2.34, permite la escalada de privilegios locales por medio de una acción Pre backup o Post backup. Con solo acceso de nivel de usuario, un usuario puede modificar el plan de copia de seguridad y agregar un script de la acción Pre backup que se ejecuta en nombre de AUTHORITY\SYSTEM de NT. • https://www.sevenlayers.com/index.php/243-cloudberry-backup-local-privilege-escalation • CWE-269: Improper Privilege Management •

CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 2

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands. Se ha descubierto que en Unitrends Backup (UB), en versiones anteriores a la 10.1.0, la autenticación libbpext.so podía omitirse con una inyección SQL que permitía que un atacante remoto colocase un exploit de escalado de privilegios en el sistema objetivo y, subsecuentemente, ejecute comandos arbitrarios. • https://www.exploit-db.com/exploits/45913 https://www.exploit-db.com/exploits/44297 https://support.unitrends.com/UnitrendsBackup/s/article/000001150 https://support.unitrends.com/UnitrendsBackup/s/article/000006003 https://support.unitrends.com/UnitrendsBackup/s/article/000005691 http://blog.redactedsec.net/exploits/2018/04/20/UEB9_tcp.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 97%CPEs: 57EXPL: 3

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server. • https://www.exploit-db.com/exploits/1147 http://secunia.com/advisories/16403 http://securityresponse.symantec.com/avcenter/security/Content/2005.08.12b.html http://securitytracker.com/id?1014662 http://www.kb.cert.org/vuls/id/378957 http://www.securityfocus.com/bid/14551 http://www.us-cert.gov/cas/techalerts/TA05-224A.html http://www.vupen.com/english/advisories/2005/1387 https://exchange.xforce.ibmcloud.com/vulnerabilities/21793 https://web.archive.org/web/20120227144337/http& •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. • http://marc.info/?l=bugtraq&m=97958921407182&w=2 http://www.securityfocus.com/bid/2204 •