176 matches found
CVE-2019-13078
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/userprofile.php. The affected parameter is sortcolumn...
CVE-2019-13079
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...
CVE-2019-12917
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/softwarelibrary.php component via the PATHINFO...
CVE-2019-13080
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...
Design/Logic Flaw
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the samdetailtitled.php SAMTYPE parameter that allows an attacker to create a malicious link in order to attack authenticated users...
CVE-2019-13081
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...
Sql injection
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...
Design/Logic Flaw
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...
CVE-2019-13079
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...
Sql injection
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/userprofile.php. The affected parameter is sortcolumn...
CVE-2019-13081
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the title field in the /common/ticketassociatedtickets.php service desk ticket functionality that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser...
CVE-2019-13081
CVE-2019-13081 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The web application vulnerability permits an authenticated user to inject and execute arbitrary JavaScript in a service desk user’s browser via the title field in /common/ticket_associated_tickets.php. The root ...
CVE-2019-13080
The CVE-2019-13080 vulnerability affects Quest KACE Systems Management Appliance Server Center 9.1.317. A cross-site scripting (XSS) flaw exists in the web interface that can be triggered via an SVG image and an HTML file, allowing an authenticated administrator to have arbitrary JavaScript execu...
CVE-2019-13079
CVE-2019-13079 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is an SQL injection in the /adminui/history_log.php endpoint, targeting the TYPE_NAME parameter. An authenticated user can potentially alter the database or execute arbitrary commands via the i...
CVE-2019-13078
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/userprofile.php. The affected parameter is sortcolumn...
CVE-2019-13078
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection in /common/user_profile.php (parameter sort_column). An authenticated user can execute arbitrary SQL commands against the underlying database. Root cause cited in CNVD reports as lack of validation of ext...
CVE-2019-13077
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via the samdetailtitled.php SAMTYPE parameter that allows an attacker to create a malicious link in order to attack authenticated users...
CVE-2019-13077
CVE-2019-13077 affects Quest KACE Systems Management Appliance Server Center version 9.1.317, where an XSS flaw is exploitable via the sam_detail_titled.php SAM_TYPE parameter. This allows an attacker to craft a malicious link that could execute script in the context of authenticated users. Root ...
CVE-2019-13076
CVE-2019-13076 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is a SQL injection in the /userui/ticket_list.php component, using parameters order[0][column] and order[0][dir]. An authenticated user can potentially execute arbitrary SQL commands against th...
CVE-2019-12918
CVE-2019-12918 affects Quest KACE Systems Management Appliance Server Center v9.1.317. Multiple connected sources confirm a SQL injection vulnerability in the file software_library.php, targeting parameters order[0][column] and order[0][dir]. The root cause is insufficient validation of externall...