52 matches found
CVE-2018-11150
CVE-2018-11150 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. The Core Security advisory documents multiple command-injection vulnerabilities in the DR appliances, with CVE-2018-11150 specifically described as a remote command-injection flaw in the replication scheduling subsystem...
CVE-2018-11156
CVE-2018-11156 affects Quest DR Series Disk Backup Software (DR Series appliances) prior to version 4.0.3.1. Multiple connected sources describe a family of command-injection vulnerabilities in the DR Series web UI/JSON‑RPC API that allows remote attackers to execute arbitrary commands on the app...
CVE-2018-11180
CVE-2018-11180 is a vulnerability in the Quest DR Series CloudPortal registration path where the registrationCode parameter is unsafely used to build a command line. The CoreLabs advisory and PoC details show an attacker can trigger remote command execution by crafting the registrationCode in a r...
CVE-2018-11189
CVE-2018-11189 applies to Quest DR Series Disk Backup Software prior to 4.0.3.1, where multiple command-injection vulnerabilities in the web UI allow an attacker with/without authentication to execute arbitrary commands as root via various API methods. CoreLabs details show a progression of CVEs ...
CVE-2018-11158
The CVE-2018-11158 entry concerns Quest DR Series Disk Backup Software. CoreSecurity’s CORE-2018-0002 and related materials describe multiple command-injection vulnerabilities in DR Series appliances (versions prior to 4.0.3.1) with both unauthenticated and authenticated vectors via the web UI an...
CVE-2018-11143
Summary of available details: Quest DR Series Disk Backup Software prior to version 4.0.3.1 contains multiple command-injection vulnerabilities exposed via its web/JSON-RPC API. The most critical issue, CVE-2018-11143, allows unauthenticated remote command execution through the Logon endpoint, wi...
CVE-2018-11151
Concrete details found: CVE-2018-11151 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. The vulnerability is a command-injection issue in the DR series web/JSON-RPC interface, notably via setResetOptions (admin_email/relay_host) and related RPC methods (e.g., login, update, add, joi...
CVE-2018-11179
The CVE-2018-11179 entry concerns Quest DR Series Disk Backup software prior to 4.0.3.1, which, along with related CVEs in the CORE-2018-0002 advisory, contains multiple command-injection vulnerabilities in the DR Series appliances. Affected product: Quest DR Series Disk Backup Software (multiple...
CVE-2018-11146
Affected product: Quest DR Series Disk Backup Software. Vulnerabilities allow remote command execution via several web/API entry points; notably, command injection in update_pw and setAdminPassword. Versions prior to 4.0.3.1 are implicated. Build 4.0.3.1 reportedly fixes these issues. If upgradin...
CVE-2018-11169
CVE-2018-11169 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. CoreLabs CORE-2018-0002 details multiple command-injection vulnerabilities in the DR appliance’s web interface/JSON-RPC API across various components (e.g., login, user update/delete, password updates, container/storage...
CVE-2018-11194
Summary: CVE-2018-11194 affects Quest DR Series Disk Backup Software prior to 4.0.3.1, enabling privilege escalation. The related CORE advisory CORE-2018-0002 details multiple command-injection and privilege-escalation vectors on DR Series appliances, describing root-level access via web interfac...
CVE-2018-11145
CVE-2018-11145 affects Quest DR Series Disk Backup Software 4.x prior to 4.0.3.1, enabling command injection via exposed web/JSON‑RPC interfaces. CORE CORE-2018-0002 details multiple command‑injection vectors across DRSeries RPC methods, including login, user management, container/storage actions...
CVE-2018-11159
CVE-2018-11159 (Quest DR Series Disk Backup) Product: Quest DR Series Disk Backup Software (appliances) prior to version 4.0.3.1. Issue: In the JSON-RPC API, the get_storage_group_statistics call accepts a parameter named group that is not sanitized, enabling an attacker to inject system commands...
CVE-2018-11167
CVE-2018-11167 affects Quest DR Series Disk Backup Software prior to 4.0.3.1, enabling command injection through the appliance web interface/JSON-RPC paths. Core documentation shows a family of related command-injection vulnerabilities (e.g., unauthenticated login and authenticated actions) that ...
CVE-2018-11144
The connected CORE advisory CORE-2018-0002 documents multiple command-injection vulnerabilities in Quest DR Series Disk Backup appliances running versions prior to 4.0.3.1. The issues affect the DR Series web interfaces and JSON-RPC endpoints, enabling remote command execution (unauthenticated in...
CVE-2018-11183
Quest DR Series Disk Backup Software before 4.0.3.1 contains multiple command-injection vulnerabilities in its JSON-RPC interface, enabling remote code execution (including unauthenticated login) via numerous endpoints. The CoreLabs CORE-2018-0002 advisory details extensive CVEs (e.g., CVE-2018-1...
CVE-2018-11190
The CORE advisory details remote command injection and privilege escalation flaws in Quest DR Series Disk Backup Software prior to build 4.0.3.1. Exploitation occurs via the DR Series web UI/JSON-RPC methods (e.g., Logon, update, add, set, delete, etc.), allowing authenticated or unauthenticated ...
CVE-2018-11161
CVE-2018-11161 is a real command-injection vulnerability in Quest DR Series Disk Backup Software prior to 4.0.3.1. Connected sources (NVD, CNVD, CoreLabs CORE-2018-0002) describe multiple CVEs in the DR Series family, with CVE-2018-11161 specifically noting that the StorageGroupService deletion p...
CVE-2018-11174
Quest DR Series Disk Backup Software 4.0.3 prior to 4.0.3.1 is affected by multiple command-injection vulnerabilities in its DR appliances’ JSON-RPC/web interfaces. The Core Security advisory enumerates numerous CVEs (e.g., CVE-2018-11143 through CVE-2018-11179 and related variants) that allow re...
CVE-2018-11176
Quest DR Series Disk Backup Software vulnerable to command injection via DREncryption::set_passphrase (CVE-2018-11176). Proof-of-concept shows attacker can inject commands through the passphrase parameter, enabling arbitrary code execution with the appliance’s privileges. The CoreLabs advisory CO...
CVE-2018-11177
CVE-2018-11177 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. The root cause is command injection via user-supplied input used to build shell commands in the appliance’s JSON-RPC/web interfaces. The CoreLabs advisory and the companion PoCs enumerate multiple privileged and authent...
CVE-2018-11147
CVE-2018-11147 pertains to Quest DR Series Disk Backup Software prior to 4.0.3.1, where multiple command-injection vulnerabilities exist in the web interface/JSON‑RPC API. Public-advisory text identifies a primary unauthenticated remote code-execution vector (section 7.1) that could allow an atta...
CVE-2018-11148
The provided documents confirm a set of command-injection vulnerabilities in Quest DR Series Disk Backup Software versions older than 4.0.3.1. Specifically, the CoreLabs CORE-2018-0002 advisory details multiple CVEs (notably CVE-2018-11143 through CVE-2018-11179 variants) that allow remote code ex...
CVE-2018-11149
CVE-2018-11149 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. CoreLabs/Core advisory CORE-2018-0002 documents a command-injection vulnerability in the DR Series DRCleaner/setCleaner routine, enabling an attacker to inject shell commands via crafted input in the appliance’s web/API...
CVE-2018-11153
The CVE-2018-11153 entry concerns Quest DR Series Disk Backup Software prior to 4.0.3.1, where multiple command-injection vulnerabilities were identified across the DR appliance’s JSON-RPC/Web UI surface. The CoreLabs CORE advisory details unauthenticated and authenticated command-injection vecto...
CVE-2018-11157
CVE-2018-11157 affects Quest DR Series Disk Backup Software (v4.0.3.1 and earlier). CoreLabs/Core advisory details a command-injection vulnerability in the DR appliance Web/JSON-RPC API, specifically the join domain functionality via the ActiveDirectoryService module where the domain parameter ca...
CVE-2018-11168
Summary: CVE-2018-11168 affects Quest DR Series Disk Backup software prior to 4.0.3.1 and is part of a broader set of command‑injection vulnerabilities in DR Series appliances. The connected documents describe concrete vectors via the JSON‑RPC API that enable remote command execution, including u...
CVE-2018-11192
Summary of findings (CVE-2018-11192 family): The Quest DR Series Disk Backup Appliances (hardware/software) releases prior to 4.0.3.1 contain multiple command-injection vulnerabilities in the DR Series web/JSON-RPC interfaces. The CoreLabs CORE-2018-0002 advisory documents a range of CVEs (e.g., ...
CVE-2018-11152
CVE-2018-11152 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. The vulnerability is a command-injection in the JSON-RPC API (set_compression) where the compressionLevel parameter is unsafely used to build a shell command, enabling remote execution. Affected product: Quest DR Series...
CVE-2018-11154
CVE-2018-11154 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. The CNVD/NVD entries describe multiple command-injection flaws in the DR Series web/API interfaces (registerDR2000v and related license/registration methods) that allow an attacker to inject commands through various inp...
CVE-2018-11163
Quest DR Series Disk Backup Software before 4.0.3.1 is affected by multiple command‑injection vulnerabilities in the DR Series appliances’ web/JSON‑RPC interface. Public details document a range of CVEs (including CVE-2018-11143 to CVE-2018-11194) that allow remote or authenticated attackers to i...
CVE-2018-11165
CVE-2018-11165 pertains to Quest DR Series Disk Backup Software before 4.0.3.1, where multiple command-injection vulnerabilities were identified across the DR appliances’ JSON-RPC/Web interfaces. The Core advisory details unauthenticated and authenticated vectors (e.g., CVE-2018-11143 through CVE...
CVE-2018-11166
Summary (supported by provided documents): Quest DR Series Disk Backup Software, versions prior to 4.0.3.1, contains multiple command-injection vulnerabilities (CVE-2018-11143 through CVE-2018-11194) in its DR appliance web/JSON-RPC interfaces. The CoreLabs advisory CORE-2018-0002 details numerou...
CVE-2018-11172
CVE-2018-11172 pertains to Quest DR Series Disk Backup Software prior to 4.0.3.1, where multiple command-injection vulnerabilities were identified in the DR Series appliances’ web/JSON-RPC interfaces. The CoreLabs advisory details unauthenticated and authenticated vectors that allow remote execut...
CVE-2018-11185
CVE-2018-11185 pertains to Quest DR Series Disk Backup Software prior to 4.0.3.1, where multiple input vectors in the web interface/JSON‑RPC allow command execution. The CoreLabs Core Advisory details a wide set of command‑injection flaws (e.g., unauthenticated and authenticated paths) across num...
CVE-2018-11191
CVE-2018-11191 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. CoreLabs describes multiple privilege-escalation vectors resulting from the DR appliance web interface and related components: attackers who gain access can escalate from the webserver user (webadmin) to root via local ...
CVE-2018-11193
CVE-2018-11193 is a privilege-escalation flaw in Quest DR Series Disk Backup Software prior to 4.0.3.1. The CoreLabs advisory details multiple command-injection paths in the DR Series Web UI (JSON-RPC) enabling an attacker with web access to reach root via webadmin privileges (e.g., ocashell, env...
CVE-2018-11170
CVE-2018-11170 concerns Quest DR Series Disk Backup Software prior to 4.0.3.1. The concern is a broader set of command-injection vulnerabilities found in the Core Security CORE-2018-0002 advisory, affecting multiple CVEs (e.g., CVE-2018-11143 to CVE-2018-11194) via the JSON-RPC/web interfaces. Th...
CVE-2018-11175
CVE-2018-11175 and related CVEs describe multiple remote command injection flaws in Quest DR Series Disk Backup Appliances prior to 4.0.3.1. Core Security/CoreLabs and CNVD/NVD entries confirm affected components include the web UI and JSON-RPC endpoints, enabling attackers to execute arbitrary c...
CVE-2018-11178
CVE-2018-11178 is part of a set of related command-injection vulnerabilities in Quest DR Series Disk Backup appliances (Quest DR Series Disk Backup Software) affecting versions up to 4.0.3.1. The CoreLabs CORE-2018-0002 advisory and subsequent materials describe multiple CVEs (e.g., CVE-2018-1114...
CVE-2018-11184
CVE-2018-11184 affects Quest DR Series Disk Backup Software up to build 4.0.3.1, where the UsageService’s get usage operation can be abused to inject commands via the type parameter (as shown in the 7.42 example). The vulnerability arises from unsanitized user input used to construct a command li...
CVE-2018-11164
CVE-2018-11164 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. Core/ENISA/public docs detail multiple command-injection vulnerabilities exposed via the web UI/JSON-RPC API, enabling remote code execution (some vectors unauthenticated, others requiring an auth token). The flaws aris...
CVE-2018-11173
CVE-2018-11173 concerns Quest DR Series Disk Backup Software prior to 4.0.3.1, with multiple command-injection flaws exposed via the web interface and JSON-RPC API. CoreLabs advisory CORE-2018-0002 documents a family of related vulnerabilities (CVE-2018-11143 through CVE-2018-11194) enabling remo...
CVE-2018-11186
CVE-2018-11186 relates to Quest DR Series Disk Backup appliances (versions before 4.0.3.1) with multiple command-injection vulnerabilities. The CoreLabs advisory details remote code execution vectors via the DR series web interface and JSON-RPC, including unauthenticated and authenticated injecti...
CVE-2018-11162
CVE-2018-11162 corresponds to a command-injection vulnerability in Quest DR Series Disk Backup Software prior to 4.0.3.1. The CoreLabs advisory documents a remote, authenticated issue in DRStorageGroup.update where unsanitized input in newGroup (e.g., Name, Compression_mode) is used to build a co...
CVE-2018-11181
Quest DR Series Disk Backup appliances running versions before 4.0.3.1 are affected by multiple command injection vulnerabilities in the web/JSON‑RPC interfaces (e.g., unauthenticated Logon and various authenticated endpoints), enabling remote code execution with root privileges on vulnerable dev...
CVE-2018-11187
CVE-2018-11187 affects Quest DR Series Disk Backup Software 4.0.3.1 (and earlier in 4.0.3) through a command injection in the Global View add_member API via the RemoteHost parameter. An unauthenticated attacker could inject commands and gain arbitrary code execution on the appliance (up to root) ...
CVE-2018-11188
CVE-2018-11188 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. CoreLabs CORE-2018-0002 documents multiple command-injection vulnerabilities in the DR Series appliances (e.g., unauthenticated and authenticated JSON-RPC/API calls) that could allow remote code execution with root priv...
CVE-2018-11171
CVE-2018-11171 concerns Quest DR Series Disk Backup Software prior to 4.0.3.1, where multiple command-injection flaws exist in the web UI/JSON-RPC API allowing remote code execution with root privileges. Documentation in CORE-2018-0002 enumerates a large set of related CVEs (e.g., CVE-2018-11143 ...
CVE-2018-11182
CVE-2018-11182 affects Quest DR Series Disk Backup Software (before 4.0.3.1). Core Security CORE-2018-0002 documents multiple command-injection vulnerabilities in the DR Series appliances via the JSON-RPC web interface, allowing remote command execution and, in some vectors, privilege escalation....