Lucene search
K

18 matches found

OSV
OSV
added 2026/01/12 4:16 p.m.5 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/12 12:0 a.m.4 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

6.6AI score0.00197EPSS
Exploits0References2
CNVD
CNVD
added 2021/12/27 12:0 a.m.21 views

Quest KACE Desktop Authority Cross-Site Scripting Vulnerability

Quest KACE Desktop Authority is a desktop management software from Quest, Inc. A cross-site scripting vulnerability exists in Quest KACE Desktop Authority, which can be exploited by remote attackers to submit special requests that can cause untrusted HTML to reach jQuery's jQuery. htmlPrefilter...

6.1CVSS2.6AI score0.04162EPSS
Exploits0References1
NVD
NVD
added 2021/12/22 6:15 a.m.21 views

CVE-2021-44031

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...

9.8CVSS0.02098EPSS
Exploits0References1
NVD
NVD
added 2021/12/22 6:15 a.m.36 views

CVE-2021-44029

An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...

9.8CVSS0.00868EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/22 6:15 a.m.98 views

CVE-2021-44029

An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...

9.8CVSS7.6AI score0.00868EPSS
In wildExploits0References2
NVD
NVD
added 2021/12/22 6:15 a.m.20 views

CVE-2021-44030

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery...

6.1CVSS0.04162EPSS
Exploits0References1
OSV
OSV
added 2021/12/22 6:15 a.m.6 views

CVE-2021-44028

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...

5.5CVSS7.3AI score0.03001EPSS
Exploits0References1
NVD
NVD
added 2021/12/22 6:15 a.m.32 views

CVE-2021-44028

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...

5.5CVSS0.03001EPSS
Exploits0References1
Prion
Prion
added 2021/12/22 6:15 a.m.15 views

Server side request forgery (ssrf)

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery...

4.3CVSS6AI score0.04162EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/22 6:15 a.m.13 views

Design/Logic Flaw

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...

7.5CVSS9.6AI score0.02098EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 5:8 a.m.38 views

CVE-2021-44029

An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known due...

9.8AI score0.00868EPSS
Exploits0References1
CVE
CVE
added 2021/12/22 5:8 a.m.249 views

CVE-2021-44029

CVE-2021-44029 affects Quest KACE Desktop Authority prior to 11.2. The issue allows remote code execution via deserialization in the RadAsyncUpload function of ASP.NET AJAX; exploitation is possible when encryption keys are known (related to CVE-2017-11317/11357 or other means). In newer ASP.NET ...

9.8CVSS9.6AI score0.00868EPSS
In wildExploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 5:8 a.m.19 views

CVE-2021-44031

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/GUID/filename...

9.9AI score0.02098EPSS
Exploits0References1
CVE
CVE
added 2021/12/22 5:8 a.m.73 views

CVE-2021-44031

CVE-2021-44031 concerns Quest KACE Desktop Authority prior to 11.2. The issue is described as a vulnerability in /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx that could enable pre-authentication remote code execution, with an attacker able to upload a .ASP file to reside ...

9.8CVSS9.7AI score0.02098EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/12/22 5:3 a.m.72 views

CVE-2021-44028

CVE-2021-44028 : XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to attacker-controlled log4net configuration files. The initial description ties the issue to a log4net configuration weakness (related to CVE-2018-1285). Connected documents do not provide further product-specific...

5.5CVSS7AI score0.03001EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 5:3 a.m.32 views

CVE-2021-44028

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...

7.5AI score0.03001EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/22 12:0 a.m.5 views

Quest KACE Desktop Authority 代码问题漏洞

Quest KACE Desktop Authority is a desktop management software from Quest Inc. A code issue vulnerability exists in Quest KACE Desktop Authority, which can be exploited by attackers to remotely execute code...

9.8CVSS5.8AI score0.02098EPSS
Exploits0References2
Rows per page
Query Builder