CVE-2018-11183
Quest DR Series Disk Backup Software before 4.0.3.1 contains multiple command-injection vulnerabilities in its JSON-RPC interface, enabling remote code execution (including unauthenticated login) via numerous endpoints. The CoreLabs CORE-2018-0002 advisory details extensive CVEs (e.g., CVE-2018-1...