Quest NetVault Backup NVBUJobCountHistory SQL Injection (CVE-2017-17420)

An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoking the Get method of the NVBUJobCountHistory class. A remote unauthenticated attacker could explo...

Quest Netvault Backup Denial of Service (CVE-2018-1162)

A denial of service vulnerability exists in Quest Netvault Backup. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

Quest Netvault Remote Code Execution (CVE-2018-1161)

A remote code execution vulnerability exists in quest netvault backup. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Quest NetVault Backup Server Code Execution / SQL Injection

Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 CVE : CVE-2017-17417 There is a decent...

Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution

Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding...

Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution

Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 CVE : CVE-2017-17417 There is a decent...

Quest NetVault Backup NVBUEventHistory SQL Injection (CVE-2017-17412) - Ver2

A remote code execution vulnerability exists in Quest NetVault Backup. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Quest NetVault Backup Server < 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability (ZDI-17-982)

The version of Quest NetVault Backup Server running on the remote host is prior to 11.4.5. It is, therefore, affected by an SQL injection SQLi remote code execution vulnerability in the process manager server due to improper validation of user-supplied input. An unauthenticated, remote attacker c...

Quest NetVault Backup Server Detection

Binary data netvaultwebdetect.nbin...

Quest NetVault Backup Multipart Request Authentication Bypass (CVE-2018-1163)

An authentication bypass vulnerability exists in the web interface component of Quest NetVault Backup. The vulnerability is due to how the server handles the HTTP requests...

Quest NetVault Backup NVBUBackup Count Method SQL Injection (CVE-2017-17652)

An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoking the Count method of the NVBUBackup class...

Quest NetVault Backup NVBUEventHistory Get Method SQL Injection (CVE-2017-17412)

An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoking the Get method of the NVBUEventHistory class...

Quest NetVault Backup Denial of Service Vulnerability

Quest NetVault Backup is a scalable data backup and recovery solution for organizations with multiple IT environments. A denial of service vulnerability exists in the handling of Export requests in Quest NetVault Backup 11.2.0.13. The vulnerability arises due to a failure to properly validate a...

Quest NetVault Backup Arbitrary Code Execution Vulnerability

Quest NetVault Backup is a scalable data backup and recovery solution for organizations with multiple IT environments. An arbitrary code execution vulnerability exists in nvwsworker.exe in Quest NetVault Backup 11.2.0.13. The vulnerability arises because when parsing the boundary header of a...

Quest NetVault Backup checksession authentication bypass vulnerability

Quest NetVault Backup is a scalable data backup and recovery solution for organizations with multiple IT environments. A checksession authentication bypass vulnerability exists in JSON RPC Request handling in Quest NetVault Backup 11.2.0.13. An attacker can exploit this vulnerability to execute...

CVE-2017-17657

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue result...

CVE-2018-1163

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to...

CVE-2018-1161

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart reques...

CVE-2017-17656

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results...

CVE-2017-17658

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method requests. The issue...