46 matches found
EUVD-2018-4305
Malware in sbrugna...
EUVD-2018-4309
Malware in sbrugna...
EUVD-2019-4631
Malware in sbrugna...
EUVD-2018-3175
Malware in sbrugna...
EUVD-2018-3178
Malware in sbrugna...
EUVD-2022-34129
Malicious code in bioql PyPI...
EUVD-2025-27831
Malicious code in bioql PyPI...
EUVD-2025-19028
Malicious code in bioql PyPI...
CVE-2014-125113 Dell/Quest KACE K1000 Unauthenticated File Upload RCE
An unrestricted file upload vulnerability exists in Dell acquired by Quest KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the downloadagent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible...
CVE-2014-125113
The Dell/Quest KACE K1000 System Management Appliance (versions 5.0–5.3, 5.4 before 5.4.76849, and 5.5 before 5.5.90547) is affected by an unauthenticated unrestricted file upload vulnerability in the download_agent.php endpoint. An attacker can upload PHP files to a temporary web‑accessible dire...
PT-2025-26743
Name of the Vulnerable Software and Affected Versions: Quest KACE Systems Management Appliance SMA versions 13.0.x through 13.0.384 Quest KACE Systems Management Appliance SMA versions 13.1.x through 13.1.80 Quest KACE Systems Management Appliance SMA versions 13.2.x through 13.2.182 Quest KACE...
PT-2022-19842 · Quest · Quest Kace System Management Appliance
Name of the Vulnerable Software and Affected Versions: Quest KACE Systems Management Appliance SMA versions prior to 12.0 Description: The issue is related to predictable token generation when appliance linking is enabled. Recommendations: For versions prior to 12.0, update to version 12.0 or lat...
Improper access control
Incorrect access control in ECOS System Management Appliance aka SMA 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment...
CVE-2018-12335
Incorrect access control in ECOS System Management Appliance aka SMA 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment...
CVE-2018-12335
Incorrect access control in ECOS System Management Appliance aka SMA 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment...
CVE-2018-12335
CVE-2018-12335 affects ECOS System Management Appliance (SMA) 5.2.68. Root cause: improper access control allowing unrestricted database access during Easy Enrollment. Consequence: an attacker could compromise authentication keys and access/manipulate security-related configurations. Public detai...
CVE-2018-12331
The CVE-2018-12331 entry concerns ECOS System Management Appliance (SMA) v5.2.68. Affected component: SMA authentication during Easy Enrollment. Root cause: authentication bypass via IP spoofing enabling a man-in-the-middle to access activation codes, passwords, and configurations. Documented imp...
CVE-2018-12338
ECOS SMA 5.2.68 is affected by an undocumented vendor backdoor that enables extraction of confidential information and manipulation of security configurations via remote root SSH access. The issue is described consistently across multiple records (NVD CVE-2018-12338 and related CNVD/PRION entries...
Quest KACE System Management Appliance Command Injection Vulnerability (CNVD-2018-10906)
Quest KACE System Management Appliance is an IT asset management appliance from Quest Software, USA. A command injection vulnerability exists in Quest KACE System Management Appliance version 8.0.318. An attacker can use this vulnerability to inject arbitrary commands and execute them with root...
Authorization
The 'systemui/settingsnetwork.php' and 'systemui/settingspatching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'XForwardedFor' HTTP headers in a POST request. An anonymous user c...