Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2023-47102

Disclosure Date: November 07, 2023 (last updated November 14, 2023)
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-20013

Disclosure Date: June 18, 2019 (last updated November 27, 2024)
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application.
0
0
Attacker Value
Unknown

CVE-2018-20014

Disclosure Date: June 07, 2019 (last updated November 27, 2024)
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.
0
0
Attacker Value
Unknown

CVE-2017-16950

Disclosure Date: December 17, 2017 (last updated November 26, 2024)
Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
0
0