Bacula: Security Vulnerabilities
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
CVSS Score: 9.8 | EPSS Score: 0.247 | Published: 2018-03-07
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2014-10-15
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
CVSS Score: 4.0 | EPSS Score: 0.006 | Published: 2012-10-10
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
CVSS Score: 6.9 | EPSS Score: 0.0 | Published: 2008-12-08
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2007-10-23
Bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
CVSS Score: 3.6 | EPSS Score: 0.001 | Published: 2005-09-20

Shodan ® - All rights reserved