Quest NetVault Backup Server < 11.4.5 - SQL Injection / Remote Code Execution Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 C...

Quest NetVault Backup Server &lt; 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution

Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 CVE : CVE-2017-17417 There is a decent...

Quest NetVault Backup Server < 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability (ZDI-17-982)

The version of Quest NetVault Backup Server running on the remote host is prior to 11.4.5. It is, therefore, affected by an SQL injection SQLi remote code execution vulnerability in the process manager server due to improper validation of user-supplied input. An unauthenticated, remote attacker c...

Quest NetVault Backup NVBUEventHistory Get Method SQL Injection (CVE-2017-17412)

An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoking the Get method of the NVBUEventHistory class...

Quest NetVault Backup Server Process Manager Service NVBUPhaseStatus GetPlugins Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue results fr...