Filtered by vendor Quest
Subscriptions
Total
137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-125113 | 1 Quest | 1 Kace Systems Management Appliance | 2025-08-06 | N/A |
| An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths. | ||||
| CVE-2018-11138 | 1 Quest | 1 Kace System Management Appliance | 2025-07-30 | 9.8 Critical |
| The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | ||||
| CVE-2025-32977 | 1 Quest | 1 Kace Systems Management Appliance | 2025-07-13 | 9.6 Critical |
| Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity. | ||||
| CVE-2025-32976 | 1 Quest | 1 Kace Systems Management Appliance | 2025-07-13 | 8.8 High |
| Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access. | ||||
| CVE-2025-32978 | 1 Quest | 1 Kace Systems Management Appliance | 2025-07-13 | 7.5 High |
| Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service. | ||||
| CVE-2025-32975 | 1 Quest | 1 Kace Systems Management Appliance | 2025-07-13 | 10 Critical |
| Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover. | ||||
| CVE-2025-26850 | 1 Quest | 1 Kace Systems Management Appliance | 2025-07-13 | 9.3 Critical |
| The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems. | ||||
| CVE-2017-12567 | 1 Quest | 3 K1000 As A Service, Kace Asset Management Appliance, Kace Systems Management Appliance | 2025-04-20 | N/A |
| SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | ||||
| CVE-2017-6554 | 1 Quest | 1 Privilege Manager | 2025-04-20 | N/A |
| pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | ||||
| CVE-2017-6553 | 1 Quest | 1 Privilege Manager For Unix | 2025-04-20 | N/A |
| Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon. | ||||
| CVE-2012-5897 | 1 Quest | 1 Intrust | 2025-04-11 | N/A |
| The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument. | ||||
| CVE-2012-5896 | 1 Quest | 1 Intrust | 2025-04-11 | N/A |
| The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer." | ||||
| CVE-2012-0279 | 1 Quest | 1 Toad For Data Analysts | 2025-04-11 | N/A |
| Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2022-38220 | 1 Quest | 1 Kace Systems Management Appliance | 2025-03-18 | 6.1 Medium |
| An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | ||||
| CVE-2023-33254 | 1 Quest | 1 Kace Systems Deployment Appliance | 2025-01-31 | 6.5 Medium |
| There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. | ||||
| CVE-2022-30285 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 9.8 Critical |
| In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | ||||
| CVE-2022-29808 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 7.5 High |
| In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | ||||
| CVE-2022-29807 | 1 Quest | 1 Kace Systems Management Appliance | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | ||||
| CVE-2021-44031 | 1 Quest | 1 Kace Desktop Authority | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}. | ||||
| CVE-2021-44030 | 1 Quest | 1 Kace Desktop Authority | 2024-11-21 | 6.1 Medium |
| Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. | ||||