Latest Quest Vulnerabilities

CVE-2023-33254
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. ...
Quest Kace Systems Deployment Appliance=9.0.146
CVE-2022-38220
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
Quest KACE Systems Management Appliance<=12.1
CVE-2022-29807
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
Quest KACE Systems Management Appliance<12.1.168
CVE-2022-29808
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
Quest KACE Systems Management Appliance<12.1.168
CVE-2022-30285
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
Quest KACE Systems Management Appliance<12.1.168
CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of...
Quest KACE Desktop Authority>=10.0<11.2
CVE-2021-44031
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication ...
Quest KACE Desktop Authority<11.2
CVE-2021-44030
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.
Quest KACE Desktop Authority>=10.0<11.2
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
Quest KACE Desktop Authority>=10.0<11.2
CVE-2020-35727
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do fi...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35726
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applicati...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35725
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35722
** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submi...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35724
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file v...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35720
** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating ...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35723
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35203
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted l...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35719
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applicati...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35721
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do ...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-35206
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted l...
Quest Policy Authority For Unified Communications=8.1.2.200
CVE-2020-35205
** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound conne...
Quest Policy Authority For Unified Communications=8.1.2.200
CVE-2020-35204
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority...
Quest Policy Authority For Unified Communications=8.1.2.200
=8.1.2.200
CVE-2020-8868
Quest Foglight Evolve CommandLineService Use of Hard-coded Credentials Remote Code Execution Vulnerability
Quest Foglight Evolve
Quest Foglight Evolve=9.0.0
CVE-2019-13081
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows ...
Quest KACE Systems Management Appliance=9.1.317
CVE-2019-13080
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administ...
Quest KACE Systems Management Appliance=9.1.317
CVE-2019-13077
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to...
Quest KACE Systems Management Appliance=9.1.317
CVE-2019-12917
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.
Quest KACE Systems Management Appliance=9.1.317
CVE-2019-13078
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected com...
Quest KACE Systems Management Appliance=9.1.317
CVE-2019-12918
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0...
Quest KACE Systems Management Appliance=9.1.317
CVE-2019-13076
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected com...
Quest KACE Systems Management Appliance=9.1.317
CVE-2019-10973
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user inte...
Quest KACE Systems Management Appliance>=8.0.0<=8.0.320
Quest KACE Systems Management Appliance>=8.1.0<=8.1.108
Quest KACE Systems Management Appliance>=9.0.0<=9.0.270
CVE-2018-5406
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker cou...
Quest Kace Systems Management Appliance Firmware<9.0.270
Quest KACE Systems Management Appliance
CVE-2018-5404
Quest Kace Systems Management Appliance Firmware<9.0.270
Quest KACE Systems Management Appliance
CVE-2018-5405
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets ...
Quest Kace Systems Management Appliance Firmware<9.0.270
Quest KACE Systems Management Appliance
CVE-2019-11604
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input t...
Quest KACE Systems Management Appliance<9.1
CVE-2018-11181
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11180
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11186
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11185
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11183
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11182
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11187
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11175
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11193
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
Quest Disk Backup<4.0.3.1
CVE-2018-11194
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
Quest Disk Backup<4.0.3.1
CVE-2018-11190
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).
Quest Disk Backup<4.0.3.1
CVE-2018-11184
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11179
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11176
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).
Quest Disk Backup<4.0.3.1
CVE-2018-11178
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).
Quest Disk Backup<4.0.3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203