Lucene search
K
QuestNetvault Backup

35 matches found

CVE
CVE
added 2018/02/08 6:0 p.m.78 views

CVE-2017-17417

Quest NetVault Backup Server (Quest NetVault Backup) is affected by CVE-2017-17417 due to an SQL Injection in the Process Manager Service NVBUPhaseStatus Acknowledge handling. Affects versions prior to 11.4.5 (e.g., 11.3.0.12 referenced in sources). The vulnerability allows unauthenticated remote...

9.8CVSS9.7AI score0.10001EPSS
Web
CVE
CVE
added 2018/02/08 6:0 p.m.68 views

CVE-2017-17415

CVE-2017-17415 affects Quest NetVault Backup 11.3.0.12. A SQL injection in the NVBUPhaseStatus Count method arises from insufficient validation of a user-supplied string used to build SQL queries, allowing remote attackers to execute arbitrary code in the database context without authentication. ...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.62 views

CVE-2018-1162

Summary: CVE-2018-1162 describes a denial-of-service vulnerability in Quest NetVault Backup 11.2.0.13 due to a path validation flaw. The flaw occurs in the handling of Export requests where a user-supplied path isn’t properly validated before file operations, allowing an attacker to arbitrarily o...

8.5CVSS8AI score0.05029EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.58 views

CVE-2017-17420

CVE-2017-17420 affects Quest NetVault Backup (Server Process Manager Service) via an SQL injection in NVBUJobCountHistory Get method. The root cause is improper validation of user-supplied input used to construct SQL queries, enabling unauthenticated remote code execution in the database context....

9.8CVSS9.7AI score0.48802EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.57 views

CVE-2017-17655

The CVE concerns Quest NetVault Backup (11.3.0.12). The vulnerability is a SQL injection in the NVBUBackup PluginList request handling, caused by improper validation of a user-supplied string used to construct SQL queries. This enables remote code execution in the context of the underlying databa...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.56 views

CVE-2017-17413

The CVE affects Quest NetVault Backup (11.3.0.12) where the NVBUBackupTargetSet Get method handles user input to build SQL queries without proper validation. This SQL injection flaw allows remote attackers, without authentication, to execute arbitrary code in the context of the underlying databas...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.56 views

CVE-2017-17419

Quest NetVault Backup 11.3.0.12 is affected by a remote SQL injection in NVBUTransferHistory Get requests due to improper validation of a user-supplied string used to build SQL queries. This can allow an attacker to execute arbitrary code in the context of the underlying database without authenti...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.56 views

CVE-2017-17659

The CVE-2017-17659 issue affects Quest NetVault Backup, specifically NVBUJobHistory Get method handling. The root cause is improper validation of user-supplied strings used in SQL queries, enabling remote code execution in the database context. Public sources confirm vulnerable versions include 1...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.55 views

CVE-2017-17414

Quest NetVault Backup 11.3.0.12 is affected by a SQL injection in the NVBUPhaseStatus Get method, caused by unvalidated user input used to build SQL queries. This allows remote code execution with no authentication, running in the database context. Affected product/version details in the provided...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.55 views

CVE-2017-17421

CVE-2017-17421 affects Quest NetVault Backup (notably 11.3.0.12); a SQL injection in NVBUSelectionSet Get requests allows remote code execution with no authentication. Root cause: improper validation of a user-supplied string used to build SQL queries. Documents indicate potential exploit paths a...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.55 views

CVE-2017-17422

CVE-2017-17422 affects Quest NetVault Backup before 11.4.5 (specifically 11.3.0.12 in the initial data) and is triggered via the NVBUBackup Get method. The root cause is insufficient validation of a user-supplied string used to construct SQL queries, enabling remote code execution in the context ...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.54 views

CVE-2017-17423

CVE-2017-17423 affects Quest NetVault Backup 11.3.0.12 and earlier. The flaw is an SQL injection in NVBUBackupSegment Get method handling, caused by insufficient validation of a user-supplied string used in SQL queries, allowing remote code execution in the database context. Public advisories con...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.53 views

CVE-2017-17652

CVE-2017-17652 affects Quest NetVault Backup, specifically the Server Process Manager Service’s NVBUBackup Count method. The root cause is improper validation of user-supplied input used to build SQL queries, enabling an SQL injection that can lead to remote code execution in the database context...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.53 views

CVE-2017-17658

CVE-2017-17658 affects Quest NetVault Backup 11.3.0.12. The vulnerability is a SQL injection in the NVBUJobDefinitions Get method, caused by insufficient validation of a user-supplied string before constructing SQL queries. Exploitation does not require authentication, allowing remote attackers t...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.53 views

CVE-2018-1161

Summary of findings : CVE-2018-1161 affects Quest NetVault Backup 11.2.0.13, with a vulnerability in the nvwsworker.exe component. The flaw occurs when parsing the boundary header of a multipart request, where the process fails to validate the length of user-supplied data before copying it to a s...

10CVSS9.7AI score0.67218EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.51 views

CVE-2017-17412

The CVE-2017-17412 issue affects Quest NetVault Backup (version 11.3.0.12). It is an SQL injection in the NVBUEventHistory Get method/JSON-RPC Get path caused by improper validation of user-supplied input used to construct SQL queries, enabling remote code execution in the database context. Explo...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.51 views

CVE-2017-17425

This CVE affects Quest NetVault Backup. The vulnerability lies in NVBUSourceDeviceSet Get method handling, where unvalidated user input is used to build SQL queries, enabling remote code execution. Affects NetVault Backup versions 11.3.0.12 and, per CNVD, prior to 11.4.5; authentication is not re...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.51 views

CVE-2017-17654

CVE-2017-17654 affects Quest NetVault Backup 11.3.0.12. The flaw is an SQL injection in the NVBUBackup ClientList method where unsanitized user input is used to build SQL queries, enabling remote code execution in the database context without authentication. Documented by ZDI-4287 and mirrored in...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.50 views

CVE-2017-17656

CVE-2017-17656 affects Quest NetVault Backup (v11.3.0.12). The vulnerability is SQL injection in the NVBUBackup JobList handling, arising from insufficient validation of a user-supplied string before building SQL queries, enabling remote code execution in the database context. Authentication is n...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.48 views

CVE-2017-17657

CVE-2017-17657 affects Quest NetVault Backup, where NVBUBackup TimeRange method requests are mishandled due to insufficient validation of a user-supplied string used in SQL queries. This enables remote code execution with the database context and does not require authentication. Documented in mul...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.48 views

CVE-2018-1163

CVE-2018-1163 affects Quest NetVault Backup 11.2.0.13. The vulnerability is a checksession authentication bypass in the web interface’s JSON RPC handling, allowing an unauthenticated attacker to bypass authentication and access critical functions. The description notes this could be combined with...

10CVSS9.8AI score0.16331EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.47 views

CVE-2017-17653

This CVE (CVE-2017-17653) affects Quest NetVault Backup 11.3.0.12. The vulnerability is a SQL injection in NVBUBackupOptionSet Get method requests due to improper validation of a user-supplied string used to build SQL queries, enabling remote code execution in the context of the underlying databa...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.45 views

CVE-2017-17418

CVE-2017-17418 affects Quest NetVault Backup 11.3.0.12. The vulnerability arises from improper validation of a user-supplied string in NVBUPolicy Get method, leading to SQL injection and the potential to execute code in the underlying database context. Authentication is not required. Multiple con...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.45 views

CVE-2017-17424

CVE-2017-17424 affects Quest NetVault Backup, specifically vulnerable in the NVBUScheduleSet Get method handling. The issue is a SQL injection due to improper validation of a user-supplied string used to construct SQL queries, allowing remote attackers to execute arbitrary code in the context of ...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2018/02/08 6:0 p.m.42 views

CVE-2017-17416

CVE-2017-17416 affects Quest NetVault Backup (v11.3.0.12) with a SQL injection in NVBUPhaseStatus GetPlugins handling that allows remote code execution in the database context. The flaw results from insufficient validation of a user-supplied string used to build SQL queries, and authentication is...

9.8CVSS9.7AI score0.03933EPSS
CVE
CVE
added 2026/06/24 11:13 p.m.17 views

CVE-2026-9780

CVE-2026-9780 affects Quest NetVault Backup, specifically the addclient3 webpage. The flaw arises from insufficient validation of user-supplied data, enabling cross-site scripting that can be leveraged to bypass authentication and execute code in the context of SYSTEM. Exploitation requires user ...

8.8CVSS6.8AI score0.0067EPSS
CVE
CVE
added 2026/06/24 11:15 p.m.17 views

CVE-2026-9787

CVE-2026-9787 affects Quest NetVault Backup, specifically the NVBULogDaemon component that processes JSON-RPC messages. The vulnerability stems from insufficient validation of user-supplied strings before they are used in system calls, enabling a remote attacker to execute code with SYSTEM privil...

8.8CVSS7.8AI score0.01373EPSS
CVE
CVE
added 2026/06/24 11:15 p.m.14 views

CVE-2026-9786

CVE-2026-9786 affects Quest NetVault Backup NVBUDashboard. The flaw is a SQL injection in the NVBUDashboard JSON-RPC message processing that fails to validate a user-supplied string used to build SQL queries, allowing code execution in the context of NETWORK SERVICE. Authentication is required to...

8.8CVSS7.8AI score0.00689EPSS
CVE
CVE
added 2026/06/24 11:14 p.m.13 views

CVE-2026-9784

CVE-2026-9784 affects Quest NetVault Backup, specifically the NVBULibraryPort JSON-RPC handling. The vulnerability arises from insufficient validation of a user-supplied string used to construct SQL queries, enabling SQL injection that can lead to remote code execution in the NETWORK SERVICE cont...

8.8CVSS7.8AI score0.00689EPSS
CVE
CVE
added 2026/06/24 11:14 p.m.11 views

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive is affected by a SQL Injection in the JSON‑RPC message processing path. The flaw stems from improper validation of a user-supplied string used to construct SQL queries, enabling an attacker to execute arbitrary code in the context of NETWORK SERVICE. Authenti...

8.8CVSS7.8AI score0.00689EPSS
CVE
CVE
added 2026/06/24 11:14 p.m.9 views

CVE-2026-9783

CVE-2026-9783 affects Quest NetVault Backup, specifically the NVBURemovableMedia JSON-RPC handling. The flaw is due to insufficient validation of a user-supplied string used to construct SQL queries, enabling SQL injection that can execute code in the context of NETWORK SERVICE. Authentication is...

8.8CVSS7.8AI score0.00689EPSS
CVE
CVE
added 2026/06/24 11:15 p.m.7 views

CVE-2026-7569

CVE-2026-7569 affects Quest NetVault Backup viewclient. The flaw is a Cross‑Site Scripting vulnerability in the viewclient webpage due to inadequate input validation, which can be combined with other issues to execute arbitrary code in the context of SYSTEM. Successful exploitation requires user ...

8.8CVSS6.8AI score0.0067EPSS
CVE
CVE
added 2026/06/24 11:13 p.m.7 views

CVE-2026-7570

Quest NetVault Backup NVBUDashboard is affected by an SQL Injection leading to Remote Code Execution. The flaw occurs in NVBUDashboard JSON-RPC message handling due to improper validation of a user-supplied string used to construct SQL queries, allowing code execution in the NETWORK SERVICE conte...

8.8CVSS7.8AI score0.00689EPSS
CVE
CVE
added 2026/06/24 11:14 p.m.7 views

CVE-2026-9781

CVE-2026-9781 affects Quest NetVault Backup NVBURASDevice component. The issue is an SQL Injection in the NVBURASDevice JSON-RPC message processing due to improper validation of user-supplied input used to build SQL queries. Exploitation could allow remote code execution with the context of NETWO...

8.8CVSS7.8AI score0.00689EPSS
CVE
CVE
added 2026/06/24 11:14 p.m.6 views

CVE-2026-9785

Affected product: Quest NetVault Backup NVBULibrarySlot.Root cause: Missing validation of a user-supplied string used to build SQL queries in NVBULibrarySlot JSON-RPC processing, enabling SQL injection.Impact: Remote code execution in the context of NETWORK SERVICE. Authentication is required but...

8.8CVSS7.8AI score0.00689EPSS