CVSS: 9.8EPSS: 24%CPEs: 2EXPL: 2CVE-2017-15367 – Bacula-Web < 8.0.0-rc2 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-15367
07 Mar 2018 — Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. Bacula-web, en versiones anteriores a la 8.0.0-rc2, se ha visto afectado por múltiples vulnerabilidades que podrían permitir que un atacante acceda a la base de datos de Bacula y, dependiendo de la configuración, escalar privilegios en el servidor. Bacula-Web versions prior to 8.0.0-RC2 suffer from mul... • https://packetstorm.news/files/id/146712 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2014-8295 – Bacula-Web 5.2.10 - 'joblogs.php?jobid' SQL Injection
https://notcve.org/view.php?id=CVE-2014-8295
15 Oct 2014 — SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter. Vulnerabilidad de inyección SQL en joblogs.php en Bacula-Web 5.2.10 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro jobid. • https://www.exploit-db.com/exploits/34851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4430 – Gentoo Linux Security Advisory 201405-11
https://notcve.org/view.php?id=CVE-2012-4430
08 Oct 2012 — The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. La función dump_resource de dird/dird_conf.c en Bacula anteriores a v5.2.11 no hace cumplir correctamente las reglas ACL, permitiendo a usuarior remotos autenticados obtener volcados de la información de recursos mediante vectores no especificados. The dump_resource function in dird/dird_conf.c in Bacu... • http://secunia.com/advisories/50535 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5373
https://notcve.org/view.php?id=CVE-2008-5373
08 Dec 2008 — mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995. mtx-changer.Adic-Scalar-24 in bacula-common v2.4.2, permite a usuarios locales sobrescribir ficheros de su elección a través de un enlace de ataque simbólico sobre el fichero temporal /tmp/mtx.#####. Cuestion probablemente relacionada con el CVE-2005-2995. • http://lists.debian.org/debian-devel/2008/08/msg00347.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5626 – Gentoo Linux Security Advisory 200807-10
https://notcve.org/view.php?id=CVE-2007-5626
23 Oct 2007 — make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. make_catalog_backup en Bacula 2.2.5, y posiblemente anteriores, envíe una contraseña MySQL como un argumento de línea de comando, y algunas veces transmite un e-mail en texto plano conteniendo esta... • http://bugs.bacula.org/view.php?id=990 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2995
https://notcve.org/view.php?id=CVE-2005-2995
20 Sep 2005 — bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in. • http://bugs.gentoo.org/show_bug.cgi?id=104986 •