Vulnerabilities > Bacula

DATE CVE VULNERABILITY TITLE RISK
2018-03-07 CVE-2017-15367 SQL Injection vulnerability in Bacula Bacula-Web
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
network
low complexity
bacula CWE-89
critical
9.8
2007-10-23 CVE-2007-5626 Cleartext Transmission of Sensitive Information vulnerability in Bacula
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
local
low complexity
bacula CWE-319
5.5