Vulnerabilities > Quest > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-12917 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | 4.3 |
| 2019-06-03 | CVE-2018-5404 | SQL Injection vulnerability in Quest Kace Systems Management Appliance Firmware The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. | 4.0 |
| 2019-05-24 | CVE-2019-11604 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An issue was discovered in Quest KACE Systems Management Appliance before 9.1. | 4.3 |
| 2018-06-02 | CVE-2018-11188 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46). | 6.5 |
| 2018-06-02 | CVE-2018-11187 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46). | 6.5 |
| 2018-06-02 | CVE-2018-11186 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46). | 6.5 |
| 2018-06-02 | CVE-2018-11185 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46). | 6.5 |
| 2018-06-02 | CVE-2018-11184 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | 6.5 |
| 2018-06-02 | CVE-2018-11183 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46). | 6.5 |
| 2018-06-02 | CVE-2018-11182 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46). | 6.5 |