Vulnerabilities > Quest > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-22 | CVE-2021-44029 | Deserialization of Untrusted Data vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 7.5 |
2021-12-22 | CVE-2021-44031 | Unrestricted Upload of File with Dangerous Type vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 7.5 |
2020-03-09 | CVE-2019-20504 | OS Command Injection vulnerability in Quest Kace Systems Management service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | 7.5 |
2019-11-06 | CVE-2019-12918 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. | 7.5 |
2018-06-02 | CVE-2018-11143 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | 7.5 |
2018-05-31 | CVE-2018-11141 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. | 7.5 |
2018-05-31 | CVE-2018-11140 | SQL Injection vulnerability in Quest Kace System Management Appliance 8.0.318 The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | 7.5 |
2018-05-31 | CVE-2018-11136 | SQL Injection vulnerability in Quest Kace System Management Appliance 8.0.318 The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | 7.5 |
2018-05-31 | CVE-2018-11135 | Unspecified vulnerability in Quest Kace System Management Appliance 8.0.318 The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | 8.8 |
2018-02-08 | CVE-2018-1162 | Unspecified vulnerability in Quest Netvault Backup 11.2.0.13 This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. | 8.5 |