Vulnerabilities > Quest > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2018-06-02 | CVE-2018-11189 | OS Command Injection vulnerability in Quest Disk Backup | Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | network | low | quest | CWE-78 | critical | 9.0 |
| 2018-05-31 | CVE-2018-11139 | OS Command Injection vulnerability in Quest KACE System Management Appliance 8.0.318 | The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. | network | low | quest | CWE-78 | critical | 9.0 |
| 2018-05-31 | CVE-2018-11138 | OS Command Injection vulnerability in Quest KACE System Management Appliance 8.0.318 | The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | network | low | quest | CWE-78 | critical | 10.0 |
| 2018-05-31 | CVE-2018-11134 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Quest KACE System Management Appliance 8.0.318 | In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. | network | low | quest | CWE-640 | critical | 9.0 |
| 2018-05-31 | CVE-2018-11132 | OS Command Injection vulnerability in Quest KACE System Management Appliance 8.0.318 | In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. | network | low | quest | CWE-78 | critical | 9.0 |
| 2018-02-08 | CVE-2018-1163 | Unspecified vulnerability in Quest NetVault Backup 11.2.0.13 | This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. | network | low | quest | | critical | 10.0 |
| 2018-02-08 | CVE-2018-1161 | Improper Input Validation vulnerability in Quest NetVault Backup 11.2.0.13 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. | network | low | quest | CWE-20 | critical | 10.0 |
| 2017-04-29 | CVE-2017-6553 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quest Privilege Manager for Unix | Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon. | network | low | quest | CWE-119 | critical | 10.0 |
| 2017-04-14 | CVE-2017-6554 | Improper Input Validation vulnerability in Quest Privilege Manager 6.0.027/6.0.050 | pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | network | low | quest | CWE-20 | critical | 9.0 |
| 2012-11-17 | CVE-2012-5897 | Permissions, Privileges, and Access Controls vulnerability in Quest InTrust | The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument. | network | | quest | CWE-264 | critical | 9.3 |