Vulnerabilities > Quest
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-12918 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. | 9.8 |
| 2019-11-06 | CVE-2019-12917 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | 6.1 |
| 2019-07-08 | CVE-2019-10973 | Improper Input Validation vulnerability in Quest Kace Systems Management Appliance Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. | 7.2 |
| 2019-06-03 | CVE-2018-5406 | Unspecified vulnerability in Quest Kace Systems Management Appliance Firmware 9.0 The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. | 8.8 |
| 2019-06-03 | CVE-2018-5405 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance Firmware 9.0 The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. | 5.4 |
| 2019-06-03 | CVE-2018-5404 | SQL Injection vulnerability in Quest Kace Systems Management Appliance Firmware 9.0 The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. | 6.5 |
| 2019-05-24 | CVE-2019-11604 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An issue was discovered in Quest KACE Systems Management Appliance before 9.1. | 6.1 |
| 2018-06-02 | CVE-2018-11194 | Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6). | 8.8 |
| 2018-06-02 | CVE-2018-11193 | Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6). | 8.8 |
| 2018-06-02 | CVE-2018-11192 | Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6). | 8.8 |