Filtered by vendor Quest
Subscribe
Total
131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17414 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225. | |||||
| CVE-2017-17412 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the underlying database. Was ZDI-CAN-4223. | |||||
| CVE-2018-11160 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46). | |||||
| CVE-2018-11148 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46). | |||||
| CVE-2018-11192 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | |||||
| CVE-2018-11193 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | |||||
| CVE-2018-11176 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46). | |||||
| CVE-2017-6554 | 1 Quest | 1 Privilege Manager | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | |||||
| CVE-2018-11153 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46). | |||||
| CVE-2018-11167 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46). | |||||
| CVE-2018-11142 | 1 Quest | 1 Kace System Management Appliance | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization. | |||||
| CVE-2018-11152 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46). | |||||
| CVE-2018-11171 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46). | |||||
| CVE-2018-11187 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | |||||
| CVE-2018-11149 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). | |||||
| CVE-2018-11174 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). | |||||
| CVE-2018-11163 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46). | |||||
| CVE-2018-11189 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | |||||
| CVE-2018-11159 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). | |||||
| CVE-2018-11157 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46). | |||||