Vulnerabilities > Bacula

DATE CVE VULNERABILITY TITLE RISK
2018-03-07 CVE-2017-15367 SQL Injection vulnerability in Bacula Bacula-Web
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
network
low complexity
bacula CWE-89
7.5
2014-10-15 CVE-2014-8295 SQL Injection vulnerability in Bacula Bacula-Web 5.2.10
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
network
low complexity
bacula CWE-89
7.5
2012-10-10 CVE-2012-4430 Permissions, Privileges, and Access Controls vulnerability in multiple products
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
network
low complexity
bacula debian CWE-264
4.0
2008-12-08 CVE-2008-5373 Link Following vulnerability in Bacula 2.4.2
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
local
bacula CWE-59
6.9
2007-10-23 CVE-2007-5626 Cleartext Transmission of Sensitive Information vulnerability in Bacula
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
local
low complexity
bacula CWE-319
5.5
2005-09-20 CVE-2005-2995 Denial-Of-Service vulnerability in Bacula
bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
local
low complexity
bacula
3.6