Skip to main content

Enterprise Backup

8 CVEs product

Monthly

CVE-2017-7283 HIGH POC THREAT Act Now

An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.6%.

PHP Information Disclosure Enterprise Backup
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2017-7282 MEDIUM POC This Month

An issue was discovered in Unitrends Enterprise Backup before 9.1.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Enterprise Backup
NVD
CVSS 3.0
5.5
EPSS
7.5%
CVE-2017-7284 HIGH POC This Week

An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Enterprise Backup
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2017-7281 HIGH POC This Week

An issue was discovered in Unitrends Enterprise Backup before 9.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Enterprise Backup
NVD
CVSS 3.0
8.8
EPSS
7.4%
CVE-2017-7280 CRITICAL POC THREAT Emergency

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE PHP Enterprise Backup
NVD
CVSS 3.0
9.8
EPSS
10.2%
CVE-2017-7279 CRITICAL Act Now

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Backup
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2014-3139 HIGH POC This Week

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Enterprise Backup
NVD Exploit-DB GitHub VulDB
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-3008 CRITICAL POC THREAT Emergency

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.9%.

Command Injection PHP Enterprise Backup
NVD Exploit-DB GitHub VulDB
CVSS 2.0
10.0
EPSS
21.9%
Threat
4.2
EPSS 17% CVSS 8.8
HIGH POC THREAT Act Now

An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.6%.

PHP Information Disclosure Enterprise Backup
NVD
EPSS 8% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Unitrends Enterprise Backup before 9.1.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Enterprise Backup
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Enterprise Backup
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered in Unitrends Enterprise Backup before 9.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

RCE PHP Enterprise Backup
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Backup
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Enterprise Backup
NVD Exploit-DB GitHub VulDB
EPSS 22% 4.2 CVSS 10.0
CRITICAL POC THREAT Emergency

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.9%.

Command Injection PHP Enterprise Backup
NVD Exploit-DB GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy