18 matches found
CVE-2025-67813
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...
CVE-2025-67813
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...
Quest KACE Desktop Authority Cross-Site Scripting Vulnerability
Quest KACE Desktop Authority is a desktop management software from Quest, Inc. A cross-site scripting vulnerability exists in Quest KACE Desktop Authority, which can be exploited by remote attackers to submit special requests that can cause untrusted HTML to reach jQuery's jQuery. htmlPrefilter...
CVE-2021-44031
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...
CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...
CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...
CVE-2021-44030
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery...
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
Server side request forgery (ssrf)
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery...
Design/Logic Flaw
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...
CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...
CVE-2021-44029
CVE-2021-44029 affects Quest KACE Desktop Authority prior to 11.2. The issue allows remote code execution via deserialization in the RadAsyncUpload function of ASP.NET AJAX; exploitation is possible when encryption keys are known (related to CVE-2017-11317/11357 or other means). In newer ASP.NET ...
CVE-2021-44031
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...
CVE-2021-44031
CVE-2021-44031 concerns Quest KACE Desktop Authority prior to 11.2. The issue is described as a vulnerability in /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx that could enable pre-authentication remote code execution, with an attacker able to upload a .ASP file to reside ...
CVE-2021-44028
CVE-2021-44028 : XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to attacker-controlled log4net configuration files. The initial description ties the issue to a log4net configuration weakness (related to CVE-2018-1285). Connected documents do not provide further product-specific...
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
Quest KACE Desktop Authority 代码问题漏洞
Quest KACE Desktop Authority is a desktop management software from Quest Inc. A code issue vulnerability exists in Quest KACE Desktop Authority, which can be exploited by attackers to remotely execute code...