Search criteria
7 vulnerabilities by bacula
CVE-2025-45346 (GCVE-0-2025-45346)
Vulnerability from cvelistv5 – Published: 2025-07-29 00:00 – Updated: 2025-07-29 20:04
VLAI
Summary
SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-45346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T20:02:51.888057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T20:04:18.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:36:20.171Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/bacula-web/bacula-web/releases/tag/v9.7.1"
},
{
"url": "https://github.com/bacula-web/bacula-web/commit/ad5d94809f17994a61496ecfec9cd3a16ac14a5f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-45346",
"datePublished": "2025-07-29T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-07-29T20:04:18.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15367 (GCVE-0-2017-15367)
Vulnerability from cvelistv5 – Published: 2018-03-07 20:00 – Updated: 2024-08-05 19:57
VLAI
Summary
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://bacula-web.org/download/articles/bacula-we… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/44272/ | exploitx_refsource_EXPLOIT-DB |
| http://bugs.bacula-web.org/view.php?id=211 | x_refsource_CONFIRM |
| https://github.com/bacula-web/bacula-web/commit/9… | x_refsource_CONFIRM |
Date Public
2018-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html"
},
{
"name": "44272",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44272/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.bacula-web.org/view.php?id=211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-11T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html"
},
{
"name": "44272",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44272/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.bacula-web.org/view.php?id=211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html",
"refsource": "CONFIRM",
"url": "http://bacula-web.org/download/articles/bacula-web-8-0-0-rc2.html"
},
{
"name": "44272",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44272/"
},
{
"name": "http://bugs.bacula-web.org/view.php?id=211",
"refsource": "CONFIRM",
"url": "http://bugs.bacula-web.org/view.php?id=211"
},
{
"name": "https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae",
"refsource": "CONFIRM",
"url": "https://github.com/bacula-web/bacula-web/commit/90d4c44a0dd0d65c6fb3ab2417b83d700c8413ae"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15367",
"datePublished": "2018-03-07T20:00:00.000Z",
"dateReserved": "2017-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:25.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8295 (GCVE-0-2014-8295)
Vulnerability from cvelistv5 – Published: 2014-10-15 14:00 – Updated: 2024-09-16 20:26
VLAI
Summary
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://osvdb.org/show/osvdb/112418 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.com/files/128480/Bacul… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/34851 | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "112418",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/112418"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html"
},
{
"name": "34851",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-15T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "112418",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/112418"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html"
},
{
"name": "34851",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "112418",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/112418"
},
{
"name": "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html"
},
{
"name": "34851",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8295",
"datePublished": "2014-10-15T14:00:00.000Z",
"dateReserved": "2014-10-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:45.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4430 (GCVE-0-2012-4430)
Vulnerability from cvelistv5 – Published: 2012-10-10 18:00 – Updated: 2024-08-06 20:35
VLAI
Summary
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://sourceforge.net/projects/bacula/files/bacu… | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2558 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2012/09/15/2 | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.bacula.org/en/?page=news | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/55505 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/50535 | third-party-advisoryx_refsource_SECUNIA |
| http://www.bacula.org/git/cgit.cgi/bacula/commit/… | x_refsource_CONFIRM |
| http://secunia.com/advisories/50808 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
Date Public
2012-08-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view"
},
{
"name": "DSA-2558",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2558"
},
{
"name": "[oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/15/2"
},
{
"name": "MDVSA-2012:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bacula.org/en/?page=news"
},
{
"name": "55505",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55505"
},
{
"name": "50535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50535"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905"
},
{
"name": "50808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50808"
},
{
"name": "[oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/14/12"
},
{
"name": "[oss-security] 20120914 CVE request: bacula: Console ACL Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/14/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-11T09:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view"
},
{
"name": "DSA-2558",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2558"
},
{
"name": "[oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/15/2"
},
{
"name": "MDVSA-2012:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bacula.org/en/?page=news"
},
{
"name": "55505",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55505"
},
{
"name": "50535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50535"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905"
},
{
"name": "50808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50808"
},
{
"name": "[oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/14/12"
},
{
"name": "[oss-security] 20120914 CVE request: bacula: Console ACL Bypass",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/14/11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4430",
"datePublished": "2012-10-10T18:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5373 (GCVE-0-2008-5373)
Vulnerability from cvelistv5 – Published: 2008-12-08 23:00 – Updated: 2024-09-16 19:21
VLAI
Summary
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lists.debian.org/debian-devel/2008/08/msg0… | mailing-listx_refsource_MLIST |
| http://uvw.ru/report.sid.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uvw.ru/report.sid.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-08T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uvw.ru/report.sid.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"name": "http://uvw.ru/report.sid.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.sid.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5373",
"datePublished": "2008-12-08T23:00:00.000Z",
"dateReserved": "2008-12-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:21:06.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5626 (GCVE-0-2007-5626)
Vulnerability from cvelistv5 – Published: 2007-10-23 16:00 – Updated: 2024-08-07 15:39
VLAI
Summary
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200807-10.xml | vendor-advisoryx_refsource_GENTOO |
| http://bugs.bacula.org/view.php?id=990 | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/3572 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/27243 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/41861 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/26156 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/31184 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2007-10-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bacula-makecatalogbackup-info-disclosure(37336)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37336"
},
{
"name": "GLSA-200807-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-10.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.bacula.org/view.php?id=990"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809"
},
{
"name": "ADV-2007-3572",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3572"
},
{
"name": "27243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27243"
},
{
"name": "41861",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41861"
},
{
"name": "26156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26156"
},
{
"name": "31184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bacula-makecatalogbackup-info-disclosure(37336)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37336"
},
{
"name": "GLSA-200807-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-10.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.bacula.org/view.php?id=990"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809"
},
{
"name": "ADV-2007-3572",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3572"
},
{
"name": "27243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27243"
},
{
"name": "41861",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41861"
},
{
"name": "26156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26156"
},
{
"name": "31184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bacula-makecatalogbackup-info-disclosure(37336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37336"
},
{
"name": "GLSA-200807-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200807-10.xml"
},
{
"name": "http://bugs.bacula.org/view.php?id=990",
"refsource": "CONFIRM",
"url": "http://bugs.bacula.org/view.php?id=990"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809"
},
{
"name": "ADV-2007-3572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3572"
},
{
"name": "27243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27243"
},
{
"name": "41861",
"refsource": "OSVDB",
"url": "http://osvdb.org/41861"
},
{
"name": "26156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26156"
},
{
"name": "31184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5626",
"datePublished": "2007-10-23T16:00:00.000Z",
"dateReserved": "2007-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:39:13.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2995 (GCVE-0-2005-2995)
Vulnerability from cvelistv5 – Published: 2005-09-20 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.zataz.net/adviso/bacula-09192005.txt | x_refsource_MISC |
| http://marc.info/?l=full-disclosure&m=11272165412… | mailing-listx_refsource_FULLDISC |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://bugs.gentoo.org/show_bug.cgi?id=104986 | x_refsource_CONFIRM |
Date Public
2005-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zataz.net/adviso/bacula-09192005.txt"
},
{
"name": "20050920 bacula insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=112721654126735\u0026w=2"
},
{
"name": "SUSE-SR:2005:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=104986"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zataz.net/adviso/bacula-09192005.txt"
},
{
"name": "20050920 bacula insecure temporary file creation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=112721654126735\u0026w=2"
},
{
"name": "SUSE-SR:2005:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=104986"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zataz.net/adviso/bacula-09192005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/bacula-09192005.txt"
},
{
"name": "20050920 bacula insecure temporary file creation",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=112721654126735\u0026w=2"
},
{
"name": "SUSE-SR:2005:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=104986",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=104986"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2995",
"datePublished": "2005-09-20T04:00:00.000Z",
"dateReserved": "2005-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:30.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}