35 matches found
CVE-2017-17417
Quest NetVault Backup Server (Quest NetVault Backup) is affected by CVE-2017-17417 due to an SQL Injection in the Process Manager Service NVBUPhaseStatus Acknowledge handling. Affects versions prior to 11.4.5 (e.g., 11.3.0.12 referenced in sources). The vulnerability allows unauthenticated remote...
CVE-2017-17415
CVE-2017-17415 affects Quest NetVault Backup 11.3.0.12. A SQL injection in the NVBUPhaseStatus Count method arises from insufficient validation of a user-supplied string used to build SQL queries, allowing remote attackers to execute arbitrary code in the database context without authentication. ...
CVE-2018-1162
Summary: CVE-2018-1162 describes a denial-of-service vulnerability in Quest NetVault Backup 11.2.0.13 due to a path validation flaw. The flaw occurs in the handling of Export requests where a user-supplied path isn’t properly validated before file operations, allowing an attacker to arbitrarily o...
CVE-2017-17420
CVE-2017-17420 affects Quest NetVault Backup (Server Process Manager Service) via an SQL injection in NVBUJobCountHistory Get method. The root cause is improper validation of user-supplied input used to construct SQL queries, enabling unauthenticated remote code execution in the database context....
CVE-2017-17655
The CVE concerns Quest NetVault Backup (11.3.0.12). The vulnerability is a SQL injection in the NVBUBackup PluginList request handling, caused by improper validation of a user-supplied string used to construct SQL queries. This enables remote code execution in the context of the underlying databa...
CVE-2017-17413
The CVE affects Quest NetVault Backup (11.3.0.12) where the NVBUBackupTargetSet Get method handles user input to build SQL queries without proper validation. This SQL injection flaw allows remote attackers, without authentication, to execute arbitrary code in the context of the underlying databas...
CVE-2017-17419
Quest NetVault Backup 11.3.0.12 is affected by a remote SQL injection in NVBUTransferHistory Get requests due to improper validation of a user-supplied string used to build SQL queries. This can allow an attacker to execute arbitrary code in the context of the underlying database without authenti...
CVE-2017-17659
The CVE-2017-17659 issue affects Quest NetVault Backup, specifically NVBUJobHistory Get method handling. The root cause is improper validation of user-supplied strings used in SQL queries, enabling remote code execution in the database context. Public sources confirm vulnerable versions include 1...
CVE-2017-17414
Quest NetVault Backup 11.3.0.12 is affected by a SQL injection in the NVBUPhaseStatus Get method, caused by unvalidated user input used to build SQL queries. This allows remote code execution with no authentication, running in the database context. Affected product/version details in the provided...
CVE-2017-17421
CVE-2017-17421 affects Quest NetVault Backup (notably 11.3.0.12); a SQL injection in NVBUSelectionSet Get requests allows remote code execution with no authentication. Root cause: improper validation of a user-supplied string used to build SQL queries. Documents indicate potential exploit paths a...
CVE-2017-17422
CVE-2017-17422 affects Quest NetVault Backup before 11.4.5 (specifically 11.3.0.12 in the initial data) and is triggered via the NVBUBackup Get method. The root cause is insufficient validation of a user-supplied string used to construct SQL queries, enabling remote code execution in the context ...
CVE-2017-17423
CVE-2017-17423 affects Quest NetVault Backup 11.3.0.12 and earlier. The flaw is an SQL injection in NVBUBackupSegment Get method handling, caused by insufficient validation of a user-supplied string used in SQL queries, allowing remote code execution in the database context. Public advisories con...
CVE-2017-17652
CVE-2017-17652 affects Quest NetVault Backup, specifically the Server Process Manager Service’s NVBUBackup Count method. The root cause is improper validation of user-supplied input used to build SQL queries, enabling an SQL injection that can lead to remote code execution in the database context...
CVE-2017-17658
CVE-2017-17658 affects Quest NetVault Backup 11.3.0.12. The vulnerability is a SQL injection in the NVBUJobDefinitions Get method, caused by insufficient validation of a user-supplied string before constructing SQL queries. Exploitation does not require authentication, allowing remote attackers t...
CVE-2018-1161
Summary of findings : CVE-2018-1161 affects Quest NetVault Backup 11.2.0.13, with a vulnerability in the nvwsworker.exe component. The flaw occurs when parsing the boundary header of a multipart request, where the process fails to validate the length of user-supplied data before copying it to a s...
CVE-2017-17412
The CVE-2017-17412 issue affects Quest NetVault Backup (version 11.3.0.12). It is an SQL injection in the NVBUEventHistory Get method/JSON-RPC Get path caused by improper validation of user-supplied input used to construct SQL queries, enabling remote code execution in the database context. Explo...
CVE-2017-17425
This CVE affects Quest NetVault Backup. The vulnerability lies in NVBUSourceDeviceSet Get method handling, where unvalidated user input is used to build SQL queries, enabling remote code execution. Affects NetVault Backup versions 11.3.0.12 and, per CNVD, prior to 11.4.5; authentication is not re...
CVE-2017-17654
CVE-2017-17654 affects Quest NetVault Backup 11.3.0.12. The flaw is an SQL injection in the NVBUBackup ClientList method where unsanitized user input is used to build SQL queries, enabling remote code execution in the database context without authentication. Documented by ZDI-4287 and mirrored in...
CVE-2017-17656
CVE-2017-17656 affects Quest NetVault Backup (v11.3.0.12). The vulnerability is SQL injection in the NVBUBackup JobList handling, arising from insufficient validation of a user-supplied string before building SQL queries, enabling remote code execution in the database context. Authentication is n...
CVE-2017-17657
CVE-2017-17657 affects Quest NetVault Backup, where NVBUBackup TimeRange method requests are mishandled due to insufficient validation of a user-supplied string used in SQL queries. This enables remote code execution with the database context and does not require authentication. Documented in mul...
CVE-2018-1163
CVE-2018-1163 affects Quest NetVault Backup 11.2.0.13. The vulnerability is a checksession authentication bypass in the web interface’s JSON RPC handling, allowing an unauthenticated attacker to bypass authentication and access critical functions. The description notes this could be combined with...
CVE-2017-17653
This CVE (CVE-2017-17653) affects Quest NetVault Backup 11.3.0.12. The vulnerability is a SQL injection in NVBUBackupOptionSet Get method requests due to improper validation of a user-supplied string used to build SQL queries, enabling remote code execution in the context of the underlying databa...
CVE-2017-17418
CVE-2017-17418 affects Quest NetVault Backup 11.3.0.12. The vulnerability arises from improper validation of a user-supplied string in NVBUPolicy Get method, leading to SQL injection and the potential to execute code in the underlying database context. Authentication is not required. Multiple con...
CVE-2017-17424
CVE-2017-17424 affects Quest NetVault Backup, specifically vulnerable in the NVBUScheduleSet Get method handling. The issue is a SQL injection due to improper validation of a user-supplied string used to construct SQL queries, allowing remote attackers to execute arbitrary code in the context of ...
CVE-2017-17416
CVE-2017-17416 affects Quest NetVault Backup (v11.3.0.12) with a SQL injection in NVBUPhaseStatus GetPlugins handling that allows remote code execution in the database context. The flaw results from insufficient validation of a user-supplied string used to build SQL queries, and authentication is...
CVE-2026-9780
CVE-2026-9780 affects Quest NetVault Backup, specifically the addclient3 webpage. The flaw arises from insufficient validation of user-supplied data, enabling cross-site scripting that can be leveraged to bypass authentication and execute code in the context of SYSTEM. Exploitation requires user ...
CVE-2026-9787
CVE-2026-9787 affects Quest NetVault Backup, specifically the NVBULogDaemon component that processes JSON-RPC messages. The vulnerability stems from insufficient validation of user-supplied strings before they are used in system calls, enabling a remote attacker to execute code with SYSTEM privil...
CVE-2026-9786
CVE-2026-9786 affects Quest NetVault Backup NVBUDashboard. The flaw is a SQL injection in the NVBUDashboard JSON-RPC message processing that fails to validate a user-supplied string used to build SQL queries, allowing code execution in the context of NETWORK SERVICE. Authentication is required to...
CVE-2026-9784
CVE-2026-9784 affects Quest NetVault Backup, specifically the NVBULibraryPort JSON-RPC handling. The vulnerability arises from insufficient validation of a user-supplied string used to construct SQL queries, enabling SQL injection that can lead to remote code execution in the NETWORK SERVICE cont...
CVE-2026-9782
Quest NetVault Backup NVBUDeviceDrive is affected by a SQL Injection in the JSON‑RPC message processing path. The flaw stems from improper validation of a user-supplied string used to construct SQL queries, enabling an attacker to execute arbitrary code in the context of NETWORK SERVICE. Authenti...
CVE-2026-9783
CVE-2026-9783 affects Quest NetVault Backup, specifically the NVBURemovableMedia JSON-RPC handling. The flaw is due to insufficient validation of a user-supplied string used to construct SQL queries, enabling SQL injection that can execute code in the context of NETWORK SERVICE. Authentication is...
CVE-2026-7569
CVE-2026-7569 affects Quest NetVault Backup viewclient. The flaw is a Cross‑Site Scripting vulnerability in the viewclient webpage due to inadequate input validation, which can be combined with other issues to execute arbitrary code in the context of SYSTEM. Successful exploitation requires user ...
CVE-2026-7570
Quest NetVault Backup NVBUDashboard is affected by an SQL Injection leading to Remote Code Execution. The flaw occurs in NVBUDashboard JSON-RPC message handling due to improper validation of a user-supplied string used to construct SQL queries, allowing code execution in the NETWORK SERVICE conte...
CVE-2026-9781
CVE-2026-9781 affects Quest NetVault Backup NVBURASDevice component. The issue is an SQL Injection in the NVBURASDevice JSON-RPC message processing due to improper validation of user-supplied input used to build SQL queries. Exploitation could allow remote code execution with the context of NETWO...
CVE-2026-9785
Affected product: Quest NetVault Backup NVBULibrarySlot.Root cause: Missing validation of a user-supplied string used to build SQL queries in NVBULibrarySlot JSON-RPC processing, enabling SQL injection.Impact: Remote code execution in the context of NETWORK SERVICE. Authentication is required but...